
Russcom.Loginphp - sql injection, arbitrary file creation – 2 Posts

  • Russcom.Loginphp - sql injection, arbitrary file creation

    05/28/2006 20:58
    theblacksheep 5610
    http://russcom.net/

    One way to reach your goal:

    1. Register as a normal user
    2. Login
    3. Go to "profile" --> "Change password"
    4. Enter your old password
    5. Enter as the new password: whatever' WHERE Uname='nameoftheadminuser'/*

    Then log in as "nameoftheadminuser" with the password "whatever".
    Now you can go to "Admin CP" and you can edit the whole "main.php".
    Maybe it is also possible to go there without changing the admin's password so that the whole attack would be more stealthy, but I haven't found a way.

    tbs
  • 05/28/2006 20:58
    theblacksheep 5610
    I also like their "ping" script:

    --------------------------------------------------------
    ...
    if($_GET['do'] == 'ping')
    {
        $_domain = $_POST['domain'];
        echo "<pre>";
        system ("ping -w 10 -c 5 $_domain");

        echo "</pre>";
    }
    ...
    --------------------------------------------------------

    tbs
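
Added example, not part of the original posts and not Russcom's code: the quoted ping handler places `$_POST['domain']` directly into a shell command line, so this hardened counterpart checks the value against a hostname/IP allowlist and starts `ping` without a shell. The function names `validate_ping_target` and `run_ping` are hypothetical, and the array form of `proc_open` assumes PHP 7.4 or later.

```php
<?php
// Added example: hardened form of the ping handler quoted in the thread.
// Only the 'do' and 'domain' parameters come from the post; the rest is assumed.

/** Return the target if it is a well-formed hostname or IP address, else null. */
function validate_ping_target(string $input): ?string
{
    $host = trim($input);
    // IPv4 and IPv6 literals.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $host;
    }
    // Hostname labels: letters, digits and inner hyphens only. A label can never
    // start with '-', so the value cannot be parsed by ping as an option.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    if (strlen($host) <= 253 && preg_match("/^{$label}(?:\\.{$label})*$/", $host) === 1) {
        return $host;
    }
    return null;
}

/** Run ping with a fixed argument vector and return its standard output. */
function run_ping(string $host): string
{
    // Array form: PHP executes the binary directly, so no shell ever sees $host.
    $cmd  = ['ping', '-w', '10', '-c', '5', $host];
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return 'ping could not be started';
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? '' : $out;
}

if (($_GET['do'] ?? '') === 'ping') {
    $raw  = $_POST['domain'] ?? '';
    $host = is_string($raw) ? validate_ping_target($raw) : null;
    echo '<pre>';
    // Encode the output as well: it is external data being written into HTML.
    echo $host === null
        ? 'Invalid host name or address.'
        : htmlspecialchars(run_ping($host), ENT_QUOTES, 'UTF-8');
    echo '</pre>';
}
```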