MediaLab suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
==================================================================================================
# [~] Exploit Title: MediaLab SQL Injection Bug #
# [~] Google Dork : inurl:"view-folder.php?fid=" #
# [~] Date: 09/13/2012 (TH) #
# [~] Exploit Author: Samim.s #
# [~] Version: ALL Versions #
# [~] Tested on: Se7en & BT5 #
# [~] Support WebSite : MediaLab.com #
==================================================================================================
# [+] RFU Exploit : #
# http://WebSite.Com/[path]/contents/view-folder.php?fid=[SQLi] #
# [+] Demo : #
# http://davbhilai.org/contents/view-folder.php?fid=7 #
# [+] Admin Panel Address : #
# http://WebSite.Com/[path]/admin/ #
==================================================================================================
# [*] GreetZ To: MrMosiHacker - Mr.XpR - UnknowN - Mr.EBI - SaMaN.BiLiZ & Iranian HaCkerZ #
==================================================================================================
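
Added example (not part of the original advisory): a log check for defenders that flags requests to view-folder.php whose fid parameter is not a plain integer. It assumes fid is meant to be numeric, as in the demo URL (fid=7), and that the web server writes combined-format access logs. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "/contents/view-folder.php"  # script path named in the advisory

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [13/Sep/2012:10:00:01 +0000] "GET /contents/view-folder.php?fid=7 HTTP/1.1" 200 5120
203.0.113.9 - - [13/Sep/2012:10:00:05 +0000] "GET /contents/view-folder.php?fid=7%27 HTTP/1.1" 500 312
203.0.113.9 - - [13/Sep/2012:10:00:09 +0000] "GET /site/contents/view-folder.php?fid=-1%20or%201%3D1 HTTP/1.1" 200 5120
198.51.100.7 - - [13/Sep/2012:10:00:12 +0000] "GET /contents/view-folder.php?fid=7&fid=x HTTP/1.1" 200 5120
198.51.100.8 - - [13/Sep/2012:10:00:15 +0000] "GET /index.php?fid=abc HTTP/1.1" 200 900
"""

def suspicious_fid_requests(log_text):
    """Return (ip, decoded fid values) for view-folder.php hits with a non-integer fid."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        # endswith() also covers installs under a sub-path ([path] in the advisory).
        if not url.path.endswith(TARGET_SCRIPT):
            continue
        # parse_qs percent-decodes and keeps every repeated fid value.
        values = parse_qs(url.query, keep_blank_values=True).get("fid", [])
        # Assumption: legitimate fid values are plain decimal integers.
        if any(not re.fullmatch(r"[0-9]{1,10}", v) for v in values):
            findings.append((m.group("ip"), values))
    return findings

if __name__ == "__main__":
    for ip, values in suspicious_fid_requests(SAMPLE_LOG):
        print(ip, values)
```

The same integer-only rule can be enforced in the application itself by casting fid to an integer and binding it as a query parameter before it reaches the database.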