Hey Guys,
Been out of action for a while. Was a bit bored at work today so i decided to break something...and so i did.
This is a SQL Injection exploit that'll retrieve the admin username and password. Currently this script only work's on v 1.1.3 BUT the vulnerability exists in 1.1 - 1.1.3, just can't be bothered to script it as they seem to have a different schema every time they release a new version.
The script is buggered as i can't be bothered to add all the table prefix stuff etc. You can easily change the table prefix though.
GoogleDork:
"Powered by zenphoto"
"Powered by zenphoto" +rss
Enjoy...
https://www.w4ck1ng.com/board/showthread.php/
0day-zenphoto-1-1-6775.html
Monday, 31 December 2007
Subscribe to:
Posts (Atom)