Search...

DigitalEyes - SQL Injection Vulnerability

2012-06-13T00:00:00

ID 1337DAY-ID-18598
Type zdt
Reporter Taurus Omar
Modified 2012-06-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0      _                   __           __       __                      1
1    /' \            __  /'__`\        /\ \__  /'__`\                    0
0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
1   \/_/\ \ /' _ `\ \/\ \/_/_\_&lt;_  /'___\ \ \/\ \ \ \ \/\`'__\           0
0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
1                   \ \____/ &gt;&gt; Exploit database separated by exploit    0
0                    \/___/          type (local, remote, DoS, etc.)     1
1                                                                        1
0   [x] Official Website: http://www.1337day.com                         0
1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
0                                                                        0
1               ==========================================               1
0                     Taurus Omar From Inj3ct0r TEAM                     1
1               ==========================================               0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
|                                                                        |
| C _:_ A |     DigitalEyes - SQL Injection Vulnerability      | C _:_ A |
--------------------------------------------------------------------------

==&gt; ABOUT ME:
--- TAURUS OMAR
--- INDEPENDENT SECURITY RESEARCHER
--- ACCESOILEGAL.BLOGSPOT.COM
--- @omartaurus
--- omar-taurus[at]dragonsecurity[dot]org 
--- omar-taurus[at]live[dot]com
 
===&gt; INFO:
Author        : TAURUS OMAR
Category      : Webapps / 0day 
Title Exploit : DigitalEyes - SQL Injection Vulnerability 
Vendor        : DigitalEyes
URL Vendor    : http://www.digitaleyes.it/
Google Dork   : intext:"design by DigitalEyes"
0day exploits : 1337day.com Inj3ct0r Exploit DataBase 

==&gt; SAMPLE'S SQLi:
http://www.picconalbicocco.it/en/vetrina.php?idp=23 [SQL Injection]
http://www.global-international.com/incentive_ships_dett.php?id=29 [SQL Injection]
http://www.campervillage.it/ita/news_scheda.php?n_id=38 [SQL Injection]
http://www.unostruparla.it/detti_e_proverbi.php?id=27 [SQL Injection]
http://www.rosadeiventihotel.it/it/guestbook.php?pageNum_rs_commenti=1 [SQL Injection]
http://www.flascensori.com/prodotti_int.php?p_id=19 [SQL Injection]

MORE IN GOOGLE..



#  0day.today [2018-03-10]  #

JSON Vulners Source

Initial Source

{"hash": "eab279600c23f7878562231f966221e61e5f597718373a0c01fbc6bea953ce6a", "id": "1337DAY-ID-18598", "lastseen": "2018-03-10T02:05:52", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "09ccaa08253ba5be259e34ae58a8db09", "key": "href"}, {"hash": "14fffe35561099043d4c4d2b0b2eb2dd", "key": "modified"}, {"hash": "14fffe35561099043d4c4d2b0b2eb2dd", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9288a9de525593c10c50ba5b85ed205f", "key": "reporter"}, {"hash": "40de93fc8d4468899f05d5f516a4b1e0", "key": "sourceData"}, {"hash": "e5c8b67469fd431f8dec5eb656624ef6", "key": "sourceHref"}, {"hash": "b23f842dd2678736a0265e79ac5094b0", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2018-03-10T02:05:52"}, "vulnersScore": 7.5}, "type": "zdt", "sourceHref": "https://0day.today/exploit/18598", "description": "Exploit for php platform in category web applications", "title": "DigitalEyes - SQL Injection Vulnerability", "history": [{"bulletin": {"hash": "4815988ad26cb1cebe432eacabdd29c982a5d0639b44d91585e8a0710e1e6894", "id": "1337DAY-ID-18598", "lastseen": "2016-04-19T02:52:12", "enchantments": {"score": {"value": 7.3, "modified": "2016-04-19T02:52:12"}}, "hashmap": [{"hash": "14fffe35561099043d4c4d2b0b2eb2dd", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "b23f842dd2678736a0265e79ac5094b0", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d24b4108ea20686b8a3696b5851fb987", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "9288a9de525593c10c50ba5b85ed205f", "key": "reporter"}, {"hash": "14fffe35561099043d4c4d2b0b2eb2dd", "key": "modified"}, {"hash": "b545280e023c101148fc79e429924906", "key": "sourceData"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "aa531cf6dbdcafb1b12a0fb90ff18a2a", "key": "sourceHref"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/18598", "description": "Exploit for php platform in category web applications", "viewCount": 0, "title": "DigitalEyes - SQL Injection Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 1\r\n0 [x] Official Website: http://www.1337day.com 0\r\n1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1\r\n0 0\r\n1 ========================================== 1\r\n0 Taurus Omar From Inj3ct0r TEAM 1\r\n1 ========================================== 0\r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1\r\n| |\r\n| C _:_ A | DigitalEyes - SQL Injection Vulnerability | C _:_ A |\r\n--------------------------------------------------------------------------\r\n\r\n==> ABOUT ME:\r\n--- TAURUS OMAR\r\n--- INDEPENDENT SECURITY RESEARCHER\r\n--- ACCESOILEGAL.BLOGSPOT.COM\r\n--- @omartaurus\r\n--- omar-taurus[at]dragonsecurity[dot]org \r\n--- omar-taurus[at]live[dot]com\r\n \r\n===> INFO:\r\nAuthor : TAURUS OMAR\r\nCategory : Webapps / 0day \r\nTitle Exploit : DigitalEyes - SQL Injection Vulnerability \r\nVendor : DigitalEyes\r\nURL Vendor : http://www.digitaleyes.it/\r\nGoogle Dork : intext:\"design by DigitalEyes\"\r\n0day exploits : 1337day.com Inj3ct0r Exploit DataBase \r\n\r\n==> SAMPLE'S SQLi:\r\nhttp://www.picconalbicocco.it/en/vetrina.php?idp=23 [SQL Injection]\r\nhttp://www.global-international.com/incentive_ships_dett.php?id=29 [SQL Injection]\r\nhttp://www.campervillage.it/ita/news_scheda.php?n_id=38 [SQL Injection]\r\nhttp://www.unostruparla.it/detti_e_proverbi.php?id=27 [SQL Injection]\r\nhttp://www.rosadeiventihotel.it/it/guestbook.php?pageNum_rs_commenti=1 [SQL Injection]\r\nhttp://www.flascensori.com/prodotti_int.php?p_id=19 [SQL Injection]\r\n\r\nMORE IN GOOGLE..\r\n\r\n\n\n# 0day.today [2016-04-19] #", "published": "2012-06-13T00:00:00", "references": [], "reporter": "Taurus Omar", "modified": "2012-06-13T00:00:00", "href": "http://0day.today/exploit/description/18598"}, "lastseen": "2016-04-19T02:52:12", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 1\r\n0 [x] Official Website: http://www.1337day.com 0\r\n1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1\r\n0 0\r\n1 ========================================== 1\r\n0 Taurus Omar From Inj3ct0r TEAM 1\r\n1 ========================================== 0\r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1\r\n| |\r\n| C _:_ A | DigitalEyes - SQL Injection Vulnerability | C _:_ A |\r\n--------------------------------------------------------------------------\r\n\r\n==> ABOUT ME:\r\n--- TAURUS OMAR\r\n--- INDEPENDENT SECURITY RESEARCHER\r\n--- ACCESOILEGAL.BLOGSPOT.COM\r\n--- @omartaurus\r\n--- omar-taurus[at]dragonsecurity[dot]org \r\n--- omar-taurus[at]live[dot]com\r\n \r\n===> INFO:\r\nAuthor : TAURUS OMAR\r\nCategory : Webapps / 0day \r\nTitle Exploit : DigitalEyes - SQL Injection Vulnerability \r\nVendor : DigitalEyes\r\nURL Vendor : http://www.digitaleyes.it/\r\nGoogle Dork : intext:\"design by DigitalEyes\"\r\n0day exploits : 1337day.com Inj3ct0r Exploit DataBase \r\n\r\n==> SAMPLE'S SQLi:\r\nhttp://www.picconalbicocco.it/en/vetrina.php?idp=23 [SQL Injection]\r\nhttp://www.global-international.com/incentive_ships_dett.php?id=29 [SQL Injection]\r\nhttp://www.campervillage.it/ita/news_scheda.php?n_id=38 [SQL Injection]\r\nhttp://www.unostruparla.it/detti_e_proverbi.php?id=27 [SQL Injection]\r\nhttp://www.rosadeiventihotel.it/it/guestbook.php?pageNum_rs_commenti=1 [SQL Injection]\r\nhttp://www.flascensori.com/prodotti_int.php?p_id=19 [SQL Injection]\r\n\r\nMORE IN GOOGLE..\r\n\r\n\n\n# 0day.today [2018-03-10] #", "published": "2012-06-13T00:00:00", "references": [], "reporter": "Taurus Omar", "modified": "2012-06-13T00:00:00", "href": "https://0day.today/exploit/description/18598"}

{"securityvulns": [{"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "description": "Directory traversal, script source code access.", "modified": "2007-12-09T00:00:00", "published": "2007-12-09T00:00:00", "id": "SECURITYVULNS:VULN:8426", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8426", "title": "Simple HTTPD multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "description": "\r\n#######################################################################\r\n\r\n Luigi Auriemma\r\n\r\nApplication: Simple HTTPD\r\n http://shttpd.sourceforge.net\r\nVersions: <= 1.38\r\nPlatforms: Windows, *nix, QNX, RTEMS\r\n only Windows seems vulnerable\r\nBugs: A] directory traversal\r\n B] scripts and CGI viewing/downloading\r\n (%20 char found by Shay priel in Jun 2007)\r\nExploitation: remote\r\nDate: 07 Dec 2007\r\nAuthor: Luigi Auriemma\r\n e-mail: aluigi@autistici.org\r\n web: aluigi.org\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n1) Introduction\r\n2) Bugs\r\n3) The Code\r\n4) Fix\r\n\r\n\r\n#######################################################################\r\n\r\n===============\r\n1) Introduction\r\n===============\r\n\r\n\r\nSimple HTTPD (shttpd) is an open source web server created for embedded\r\nsystems.\r\n\r\n\r\n#######################################################################\r\n\r\n=======\r\n2) Bugs\r\n=======\r\n\r\n----------------------\r\nA] directory traversal\r\n----------------------\r\n\r\nUsing the "..\" pattern is possible to download any file in the disk on\r\nwhich is located the web root directory.\r\n\r\n\r\n--------------------------------------\r\nB] scripts and CGI viewing/downloading\r\n--------------------------------------\r\n\r\nAny script or CGI in the server can be viewed/downloaded instead of\r\nbeing executed simply appending the chars '+', '.', %20 (this one\r\nreported by Shay priel in the summer 2007), %2e and any other byte (in\r\nhex format too) major than 0x7f to the requested filename.\r\n\r\n\r\nNote that only Windows seems vulnerable to the above bugs.\r\n\r\n\r\n#######################################################################\r\n\r\n===========\r\n3) The Code\r\n===========\r\n\r\n\r\nA]\r\nhttp://SERVER/..\..\..\boot.ini\r\nhttp://SERVER/..\%2e%2e%5c..\boot.ini\r\n\r\nB]\r\nhttp://SERVER/file.php+\r\nhttp://SERVER/file.php.\r\nhttp://SERVER/file.php%80\r\nhttp://SERVER/file.php%ff\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n4) Fix\r\n======\r\n\r\n\r\nI have posted the problems in the shttpd-general mailing-list but there\r\nis no reply yet:\r\n\r\n http://sourceforge.net/mailarchive/forum.php?forum_name=shttpd-general\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n--- \r\nLuigi Auriemma\r\nhttp://aluigi.org", "modified": "2007-12-09T00:00:00", "published": "2007-12-09T00:00:00", "id": "SECURITYVULNS:DOC:18598", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18598", "title": "Two vulnerabilities in Simple HTTPD 1.38", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "description": "\r\nTITLE:\r\nPAM-MySQL SQL Logging and Authentication Vulnerabilities\r\n\r\nSECUNIA ADVISORY ID:\r\nSA18598\r\n\r\nVERIFY ADVISORY:\r\nhttp://secunia.com/advisories/18598/\r\n\r\nCRITICAL:\r\nModerately critical\r\n\r\nIMPACT:\r\nDoS, System access\r\n\r\nWHERE:\r\n>From remote\r\n\r\nSOFTWARE:\r\nPAM-MySQL 0.x\r\nhttp://secunia.com/product/7880/\r\n\r\nDESCRIPTION:\r\nSome vulnerabilities have been reported in PAM-MySQL, which\r\npotentially can be exploited by malicious people to cause a DoS\r\n(Denial of Service) or compromise a vulnerable system.\r\n\r\n1) An unspecified error in the SQL logging facility can potentially\r\nbe exploited to cause a DoS.\r\n\r\n2) A double-free error exists in the authentication and\r\nauthentication token alteration code when handling a pointer returned\r\nby the "pam_get_item()" function. This can be exploited by supplying a\r\nspecially crafted password, which results in a DoS or can potentially\r\nbe exploited to execute arbitrary code.\r\n\r\nThe vulnerabilities have been reported in versions 0.6.1 and 0.7pre2.\r\nPrior versions may also be affected.\r\n\r\nSOLUTION:\r\nUpdate to version 0.6.2.\r\n\r\nThe vulnerabilities have also been addressed in version 0.7pre3.\r\n\r\nPROVIDED AND/OR DISCOVERED BY:\r\nReported by the vendor.\r\n\r\nORIGINAL ADVISORY:\r\nPAM-MySQL:\r\nhttp://pam-mysql.sourceforge.net/News/00005.php\r\nhttp://sourceforge.net/forum/forum.php?forum_id=499394\r\n\r\nJVN:\r\nhttp://jvn.jp/cert/JVNVU%23693909/index.html\r\n\r\nOTHER REFERENCES:\r\nUS-CERT VU#693909:\r\nhttp://www.kb.cert.org/vuls/id/693909\r\n\r\n----------------------------------------------------------------------\r\n\r\nAbout:\r\nThis Advisory was delivered by Secunia as a free service to help\r\neverybody keeping their systems up to date against the latest\r\nvulnerabilities.\r\n\r\nSubscribe:\r\nhttp://secunia.com/secunia_security_advisories/\r\n\r\nDefinitions: (Criticality, Where etc.)\r\nhttp://secunia.com/about_secunia_advisories/\r\n\r\n\r\nPlease Note:\r\nSecunia recommends that you verify all advisories you receive by\r\nclicking the link.\r\nSecunia NEVER sends attached files with advisories.\r\nSecunia does not advise people to install third party patches, only\r\nuse those supplied by the vendor.\r\n", "modified": "2006-02-13T00:00:00", "published": "2006-02-13T00:00:00", "id": "SECURITYVULNS:DOC:11403", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11403", "title": "[SA18598] PAM-MySQL SQL Logging and Authentication Vulnerabilities", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}