Detailed information
Saytda SQL İnjection mövcuddur.
Bu boşluqdan istifadə edərək saytda yerləşdirilmiş məlumatları (Parollar, saytın strukturu və s. əldə etmək olar)
Sql inject here : nabaku.az/info/page.php?id=4
Username : tier-1 & tier-1
Password : 036b64ff34b6ecc85e174dce9412fa7f md5(19vanguard97) & f032043100bdfef8067e67c1e0acf15e (analhaggAA)
Admin panel : admin/auth.php
shell adress : nabaku.az/literature/books/mado.php
Uname -a : Linux nancy.timeweb.ru 4.1.35-timeweb #1 SMP Mon Oct 24 22:18:24 MSK 2016 x86_64
Comments
-
04 November 2016, 10:53
Vulnerability status
Source company is answered -
02 November 2016, 09:39
Vulnerability status
Sended e-mail to source about vulnerability -
01 November 2016, 15:53
Added point to Vulnerability
Moderator gave 9 point from 10 to vulnerability -
01 November 2016, 15:45
Vulnerability status
Confirmed by Moderator -
28 October 2016, 18:12
Vulnerability added
Vulnerability added to BUGemot