logo
0 anonymous
Views: 1027637 Challenges: 342
Users: 12689 Online: 10

Russcom.Loginphp - sql injection, arbitrary file creation – 2 Posts

  • Russcom.Loginphp - sql injection, arbitrary file creation

    05/28/2006 20:58
    theblacksheep's Avatar theblacksheep 5610
    Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified
    <a href="%5C"><img alt="\&quot;link\&quot;" src="%5C">http://russcom.net/</a><br><br>One way to reach your goal:<br><br>1. Register as a normal user<br>2. Login<br>3. Go to \"profile\" --&gt; \"Change password\"<br>4. Enter your old password<br>5. Enter as the new password: whatever' WHERE Uname='nameoftheadminuser'/*<br><br>The login as \"nameoftheadminuser\" with the password \"whatever\".<br>Now you can go to \"Admin CP\" and you can edit the whole \"main.php\".<br>Maybe it is also possible to go there without changing the admin's password so that the whole attack would be more stealthy, but I haven't found a way.<br><br>tbs
  • 05/28/2006 20:58
    theblacksheep's Avatar theblacksheep 5610
    Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified
    I also like there \"ping\"script:<br><br>--------------------------------------------------------<br>...<br>if($_GET['do'] == 'ping')<br>{<br>$_domain = $_POST['domain'];<br> echo \"<pre>\";<br> system (\"ping -w 10 -c 5 $_domain\");<br><br> echo \"</pre>\";<br>}<br>...<br>--------------------------------------------------------<br><br>tbs