Author | Post | |||
theblacksheep |
http://russcom.net/ One way to reach your goal: 1. Register as a normal user 2. Login 3. Go to "profile" --> "Change password" 4. Enter your old password 5. Enter as the new password: whatever' WHERE Uname='nameoftheadminuser'/* The login as "nameoftheadminuser" with the password "whatever". Now you can go to "Admin CP" and you can edit the whole "main.php". Maybe it is also possible to go there without changing the admin's password so that the whole attack would be more stealthy, but I haven't found a way. tbs |
|||
28.05.2006 22:58:39 |
|
|||
theblacksheep |
I also like there "ping"script: -------------------------------------------------------- ... if($_GET['do'] == 'ping') { $_domain = $_POST['domain']; echo "<pre>"; system ("ping -w 10 -c 5 $_domain"); echo "</pre>"; } ... -------------------------------------------------------- tbs |
|||
28.05.2006 23:10:24 |
|