PHP SQL Injection Vulnerability / overwrite injection

2010-06-14T00:00:00
ID 1337DAY-ID-12709
Type zdt
Reporter mc2_s3lector
Modified 2010-06-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================================
PHP SQL Injection Vulnerability / overwrite injection
=====================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
0     _                   __           __       __                     0
1   /' \            __  /'__`\        /\ \__  /'__`\                   1
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           0
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          1
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           0
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           1
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           0
1                  \ \____/ >> Exploit database separated by exploit   1
0                   \/___/                                             0
0                                                                      1
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0

[+] Title	: PHP SQL Injection Vulnerability||overwrite injection
[+] Author	: mc2_s3lector
[+] site	: www.yogyacarderlink.web.id
[+] Aplication	: inurl:"edit.php?id="
[+] Dork        : inurl:"com_image"


demo:

DNSnam.com/[patch]/edit.php?id=
DNSnam.com/[patch]/edit.php?id=[sqli]


overwrit :
Edit Comment||edit entry|Guesthost||Edit Event||Edit News Post

demo:
http://www.golaketravis.com/news-edit.php?id=1023
http://www.samsrock.net/admin/edit.php?id=1824&list_id=1&page=1

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
0	      thank to : All yogyacardrlink crew   		       0
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
0	      thank to : KeDaicomputerworks   		               0
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1




#  0day.today [2018-03-20]  #