Wednesday 9 December 2009

Mero IT (www.meroit.com) SQL injection vulnerability

This was referred to me by my friend in the college and on viewing the site, I found it was vulnerable to common SQLi. The scripts do not validate the GET variables and hence we can inject SQL queries through URL GET parameters.

Some interesting tables:
admin
client
personal_client_details

Anyway below is the screenshot of the hacked admin panel located at /admin



So if you are the webadmin of meroit.com you can find the article at http://www.sampctricks.blogspot.com to secure your PHP scripts...
Thanks...
Posted by at
Labels: , ,

2 comments:

  1. Ko hola guess9 December 2009 at 09:14

    oye kaam chhaina. yehi gardai basnalai ho KU maa padna gako... police le laijala hai j payo tei garda..

    ReplyDelete
  2. Raid Busted and the zypsy hackerz13 January 2010 at 21:32

    yo khate harulai hack garna nai audaina bhanya. SQL vulnerable hune bhaneko ta website admin ko problem ho ni. It's just like you got the password. Yellai hack bhandaina. Khateharulai ke thaha

    ReplyDelete

Subscribe to: Post Comments (Atom)