Detailed information
Saytda SQL İnjection mövcuddur.
Bu boşluqdan istifadə edərək saytda yerləşdirilmiş məlumatları (Parollar, saytın strukturu və s. əldə etmək olar)
Sql inject here : http://www.herseybizde.az/sehife.php?kecid=Tel&Sehife=Oxu&id=63
Shell adress: http://www.herseybizde.az/sehifeler/IstHesab/sekil/avatar/301a3889c0e73cc617b3c8eaa8d68a8be72.php
Uname -a : Linux bigbaku 2.6.32-042stab113.11 #1 SMP Fri Dec 18 17:32:04 MSK 2015 x86_64
Exploit for server : http://0day.today/exploit/14601
Screens
Comments
-
02 November 2016, 13:38
Vulnerability status
Have not any information from source -
04 October 2016, 10:03
Added point to Vulnerability
For translate of bug gived 10 point to translator -
04 October 2016, 10:03
Added point to Vulnerability
For translate of bug gived 1 point to translator -
14 September 2016, 14:21
Vulnerability status
Sended e-mail to source about vulnerability -
14 September 2016, 10:12
Added point to Vulnerability
Moderator gave 10 point from 10 to vulnerability -
14 September 2016, 10:10
Vulnerability status
Confirmed by Moderator -
11 September 2016, 22:41
Vulnerability added
Vulnerability added to BUGemot