Matrix Design (news.php) SQL Injection Vulnerability

2010-11-04T00:00:00
ID 1337DAY-ID-14725
Type zdt
Reporter H-SK33PY
Modified 2010-11-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ====================================================
Matrix Design (news.php) SQL Injection Vulnerability
====================================================

   010101010101010101010101010101010101010101010101010101010
   0                                                       0
   1        Iranian Datacoders Security Team 2010          1
   0							   0
   1               WWW.DataCoders.Org                      1
   010101010101010101010101010101010101010101010101010101010

#############################################################################
# Exploit Title: Matrix Design (news.php) SQL Injection Vulnerability       #
# Date: 03/11/2010  					                    # 
# Author: Iranian DataCoders					            #
# Credit : H-SK33PY							    #
# Software Link: http://www.matrixdesigngroup.com/                          #
# Version :  N/A 							    #
# Platform / Tested on: php/linux					    #
# Google Dork : intext:"Powered By Matrix Design"                           #
# Category: webapplications						    #
# Code : [SQL injection]						    #
# Our Website: http://www.datacoders.org/				    #
#############################################################################

#BUG:#########################################################################

Enter (') String character and you will be see error in mysql .

And get for SQL Injection XPL :

http://victim/path/news.php?id=1[SQL injection]

#2 Site Example for this vulnerability:

http://www.ghananuts.com/new/news.php?id=1[SQL injection]
http://vickimd.dsvr.co.uk/new/news.php?id=1[SQL injection]

#End BUG:#####################################################################

############################################################################################
#																						   #
# We Are: Immortal Boy |  Skitt3r | Net.Edit0r | Sp|R|T | 3r1ck | r00t | mohamad_ir |      #
# 																						   #
#            mehrdadab7 | BigB4NG | Dr.Mute | Blacksun | NIK  | Blo0DY.Cod3r               #
# 																						   #
#                           And All Iranian DataCoders Members       					   #
# 																						   #
#                            Don't Forget WwW.DataCoders.Org							   #    
############################################################################################



#  0day.today [2018-04-13]  #