Sql injection & Server

herseybizde.az 11 September 2016, 22:41

Detailed information

Saytda SQL İnjection mövcuddur.
Bu boşluqdan istifadə edərək saytda yerləşdirilmiş məlumatları (Parollar, saytın strukturu və s. əldə etmək olar)
Sql inject here : http://www.herseybizde.az/sehife.php?kecid=Tel&Sehife=Oxu&id=63
Shell adress: http://www.herseybizde.az/sehifeler/IstHesab/sekil/avatar/301a3889c0e73cc617b3c8eaa8d68a8be72.php
Uname -a : Linux bigbaku 2.6.32-042stab113.11 #1 SMP Fri Dec 18 17:32:04 MSK 2015 x86_64
Exploit for server : http://0day.today/exploit/14601

Screens

Comments

  • 02 November 2016, 13:38
    Vulnerability status
    Have not any information from source

  • 04 October 2016, 10:03
    Added point to Vulnerability
    For translate of bug gived 10 point to translator

  • 04 October 2016, 10:03
    Added point to Vulnerability
    For translate of bug gived 1 point to translator

  • 14 September 2016, 14:21
    Vulnerability status
    Sended e-mail to source about vulnerability

  • 14 September 2016, 10:12
    Added point to Vulnerability
    Moderator gave 10 point from 10 to vulnerability

  • 14 September 2016, 10:10
    Vulnerability status
    Confirmed by Moderator

  • 11 September 2016, 22:41
    Vulnerability added
    Vulnerability added to BUGemot