Wednesday, 9 December 2009

Mero IT (www.meroit.com) SQL injection vulnerability

This was referred to me by my friend in the college and on viewing the site, I found it was vulnerable to common SQLi. The scripts do not validate the GET variables and hence we can inject SQL queries through URL GET parameters.

Some interesting tables:
admin
client
personal_client_details

Anyway below is the screenshot of the hacked admin panel located at /admin



So if you are the webadmin of meroit.com you can find the article at http://www.sampctricks.blogspot.com to secure your PHP scripts...
Thanks...

3 comments:

  1. oye kaam chhaina. yehi gardai basnalai ho KU maa padna gako... police le laijala hai j payo tei garda..

    ReplyDelete
  2. yo khate harulai hack garna nai audaina bhanya. SQL vulnerable hune bhaneko ta website admin ko problem ho ni. It's just like you got the password. Yellai hack bhandaina. Khateharulai ke thaha

    ReplyDelete
  3. lol this son of bitch doesn't know what SQLi is. You don't know there's been stealing of billions of username, passes using this method. Fuck you noob and stop posting bullshit. You don't know how good these people are. They are better than you, son of motherfucker

    ReplyDelete