Crack Rule

All the hackers are Welcome. Please contribute your support to make this blog one of the top latest hacking trick adda.

Php City Portal Script Software SQL Injection

Posted by Nehul Agrawal

############################################################################
# Exploit Title: *Php City Portal Script Software SQL Injection*
# Google Dork: *Powered by PHPCityPortal.com*
# Date: *Decembar/07/2011*
# Author: *Don (BalcanCrew & BalcanHack)*
# Software Link: *http://phpcityportal.com*
# Version: *1.1*
# Tested on: *Apache (Unix)*
############################################################################
# An attacker may execute arbitrary SQL statements on the vulnerable system.
# This may compromise the integrity of your database and/or expose
sensitive information.
############################################################################
*Attack details:*
 
URL encoded GET input userName was set to *1'*
Error message found: supplied argument is not a valid MySQL result
 
Vulnerability:
*http://localhost/phpcityportal/profile.php?userName= (SQL)*
 
*How to fix this vulnerability:*
Filter metacharacters from user input.
 
*NOTE!*
*You have to be logged in!*
 
~Don 2011

Crack Rule

All the hackers are Welcome. Please contribute your support to make this blog one of the top latest hacking trick adda.

Php City Portal Script Software SQL Injection

0 Response to "Php City Portal Script Software SQL Injection"

Post a Comment

Number

CrackRuleShare

Labels

Content on this page requires a newer version of Adobe Flash Player.

Blog Archive

Info