Showing posts from September, 2013

SQL Injection at Movistar.es [FIX]

Movistar is a major Spanish mobile phone operator owned by Telefónica S.A., operating in Spain and in many Latin American countries. It is the largest carrier in Spain, with 22 million customers (cellphone services only).

I found this MSSQL injection. Adding ' WAITFOR DELAY '0:0:20'-- got a positive response with a 20-second delay, proving that the SEOname parameter is vulnerable to SQL injection.




I reported this to Movistar and they replied and fixed it quickly :)



Great job Movistar!

SQL Injection at archive.org [Fix]

The Internet Archive allows the public to upload and download digital material to its data cluster, but the bulk of its data is collected automatically by its web crawlers, which work to preserve as much of the public web as possible. Its web archive, The Wayback Machine, contains over 150 billion web captures.

Looking at archive.org, I found a cool MySQL injection on the user panel, using " and "1"="1"# instead of ' and '1'='1'#

I did this by updating my nickname to 1" and "1"="1" union select version(0)# and getting the MySQL version successfully.

Vulnerable URL:
https://archive.org/account/?screenname=1"+and+"1"="1"+union+select+version(0)#&action=change-screenname&submit=Change

I reported this to archive.org and never got a reply. After 4 months they fixed it.


Proof:





A simple thank you would be nice.
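
For defenders, an added example (not part of the original posts or of either site's code): a log scan that URL-decodes each query parameter and flags the three patterns these two reports rely on, including the double-quoted variant that a single-quote-only check would miss. The log lines are constructed samples, and the /page path, client addresses and rule names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (not real traffic); "/page" is a placeholder path.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Sep/2013:10:01:02 +0000] "GET /page?SEOname=phones HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Sep/2013:10:01:09 +0000] "GET /page?SEOname=x%27%20WAITFOR%20DELAY%20%270:0:20%27-- HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Sep/2013:10:02:00 +0000] "GET /account/?screenname=1%22+and+%221%22=%221%22+union+select+version(0)%23&action=change-screenname HTTP/1.1" 200 810',
    '198.51.100.8 - - [12/Sep/2013:10:02:30 +0000] "GET /account/?screenname=O%27Brien&action=change-screenname HTTP/1.1" 200 810',
]

# Hypothetical rule names; each pattern runs on the *decoded* parameter value.
RULES = {
    # MSSQL time-delay probe, as in the Movistar report
    "time-delay": re.compile(r"waitfor\s+delay", re.I),
    # A quote (single OR double) closing the literal, then and/or x = x
    "quote-tautology": re.compile(
        r"""['"]\s*(?:and|or)\s*['"]?(\w+)['"]?\s*=\s*['"]?\1""", re.I),
    # UNION ... SELECT appended to the original query
    "union-select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
}

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')

def scan(lines):
    """Return (client, parameter, rule) for each decoded parameter that matches."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target = m.groups()
        # parse_qsl turns '+' into a space and decodes %xx before matching
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        for name, value in params:
            for rule, pattern in RULES.items():
                if pattern.search(value):
                    hits.append((client, name, rule))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching like this only surfaces probing in the logs; the application-side fix is to bind the parameter instead of concatenating it into the query.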