Thursday, June 28, 2018

sefsas.it SQL injection

SQL injection in the email confirmation URL (there are several others):

http://bandi.sefsas.it/v3/store/actmail.asp?ida=[reg id]&cod=[sqlinjection]&idc=[customer id]

Example: http://bandi.sefsas.it/v3/store/actmail.asp?ida=1005&cod=&idc=9999
Archived: http://archive.is/kwwXf

Sample request where the full query appears in the output:

http://bandi.sefsas.it/v3/store/actmail.asp?ida=1005&cod=7913694013691841369169&idc=9999

SELECT AFFILIATE_ID, IDCUSTOMERTYPE, NAME, LASTNAME, EMAIL, CUSTOMERCOMPANY, ACTIVITY_ID, REGION_ID FROM CUSTOMERS WHERE IDCUSTOMER=9999 AND REMIP=

Archived: http://archive.is/xDVeh
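
How a confirmation handler can avoid both problems shown above (request values ending up in the SQL text, and the query being echoed in the output). This is an added example, not code from the site or from this post. It is a Python/sqlite3 model of the lookup with bound parameters, strict digit-only validation and generic error responses. Assumptions: the ACTCODE column, the function names and the sample row are hypothetical, and REMIP is treated as the registering client's IP address.

```python
import sqlite3

GENERIC_ERROR = (400, "Invalid confirmation link.")

def make_db():
    """Constructed stand-in for the CUSTOMERS table (ACTCODE is hypothetical)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE CUSTOMERS (IDCUSTOMER INTEGER PRIMARY KEY, "
               "NAME TEXT, EMAIL TEXT, REMIP TEXT, ACTCODE TEXT)")
    db.execute("INSERT INTO CUSTOMERS VALUES (?, ?, ?, ?, ?)",
               (9999, "Test User", "user@example.invalid", "192.0.2.10", "123456"))
    return db

def digits(value, max_len):
    """Return value only if it is 1..max_len ASCII digits, else None."""
    if isinstance(value, str) and value.isascii() and value.isdigit() \
            and len(value) <= max_len:
        return value
    return None

def confirm_email(db, params, remote_ip):
    """Handle ?ida=&cod=&idc= without building SQL from request text."""
    ida = digits(params.get("ida"), 10)
    idc = digits(params.get("idc"), 10)
    cod = digits(params.get("cod"), 32)
    if ida is None or idc is None or cod is None:
        return GENERIC_ERROR              # reject before touching the database
    try:
        row = db.execute(
            "SELECT NAME, EMAIL FROM CUSTOMERS "
            "WHERE IDCUSTOMER = ? AND REMIP = ? AND ACTCODE = ?",
            (int(idc), remote_ip, cod),   # values are bound, never concatenated
        ).fetchone()
    except sqlite3.Error:
        # Log details server-side; the response never carries query text.
        return (500, "Something went wrong.")
    if row is None:
        return GENERIC_ERROR              # same answer for wrong id, IP or code
    return (200, "Email confirmed.")
```

In classic ASP the equivalent of the bound query is an ADODB.Command with typed parameters, with detailed error messages disabled for remote clients.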
