Calpine Technologies BSQL Injection Vulnerability

2010-11-04T00:00:00
ID 1337DAY-ID-14726
Type zdt
Reporter H-SK33PY
Modified 2010-11-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =================================================
Calpine Technologies BSQL Injection Vulnerability
=================================================

   010101010101010101010101010101010101010101010101010101010
   0                                                       0
   1        Iranian Datacoders Security Team 2010          1
   0							   0
   1               WWW.DataCoders.Org                      1
   010101010101010101010101010101010101010101010101010101010

##############################################################################
# Exploit Title: Calpine Technologies BSQL Injection Vulnerability           #
# Date: 03/11/2010  							     # 
# Author: Iranian DataCoders						     #
# Credit : H-SK33PY							     #
# Software Link: http://www.calpinetech.com/                                 #
# Version :  N/A 							     #
# Platform / Tested on: php/linux					     #
# Google Dork : inurl:"*.php?id=" & intext:"Powered by Calpine Technologies" #
# Category: webapplications						     #
# Code : [BSQL injection]						     #
# Our Website: http://www.datacoders.org/				     #
##############################################################################

#BUG:#########################################################################

Enter (') String character and you will be see error in mysql .

And get for SQL Injection XPL :

http://victim/path/news.php?id=1[BSQL injection]


#2 Site Example for this vulnerability:

http://www.keralait.org.p.in.hostingprod.com/news.php?id=1[BSQL injection]
http://www.keralait.org/news.php?id=1[BSQL injection]

#End BUG:#####################################################################

############################################################################################
#																						   #
# We Are: Immortal Boy |  Skitt3r | Net.Edit0r | Sp|R|T | 3r1ck | r00t | mohamad_ir |      #
# 																						   #
#            mehrdadab7 | BigB4NG | Dr.Mute | Blacksun | NIK  | Blo0DY.Cod3r               #
# 																						   #
#                           And All Iranian DataCoders Members       					   #
# 																						   #
#                            Don't Forget WwW.DataCoders.Org							   #    
############################################################################################



#  0day.today [2018-04-14]  #