facebook facebook twitter rss

HASCRIPT Shop Sql Injection

Author: xSecurity , Published: 06-07-2014
==============================================
# Exploit Title: HASCRIPT Shop Sql Injection
# Author: xSecurity
# Software : http://www.traidnt.net/vb/traidnt2424562/
# Tested on: Windows
# Dork : -
==============================================
[+] Exploit :-

File Infect : new_replay.php
line : 20 -> $reply = $_POST['reply'];
$insert = mysql_query("insert into contact_reply (contact_id,username,useremail,reply,date) values ('$id','$username','$useremail','$reply','$time')");

+++++++
File Infect : edittheard.php
line : 24 -> $contain = $_POST['contain'];
$update = mysql_query("update `topic` set `contain`='$contain',`editor`='$user_editor',`edit_time`='$date' where `id`='$id'");
+++++++
There Other SQL Injection Inside /cp/ + Out =D

How To Inject : http://amolnaik4.blogspot.com/2012/02/sql-injection-in-insert-query.html
U Must Login =)

==============================================
[+] Skype : xSecur1ty
==============================================
[+] Greet's : Uzundz | DamaneDz | RAB3OUN | Sec4ever | DeeF | HaNNiBaL KsA | FoX HaCkEr | Lov3rDNS | Mr.Dm4r |
[+] Homepage : sec4ever.com - exploit4arab.net
==============================================

Like us on Facebook :