Alstrasoft EPay Enterprise 4.0 – Blind SQL Injection

  • Author: Don
    Date: 2011-12-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/18207/
  • ############################################################################
    # Exploit Title: *AlstraSoft EPay Enterprise v4.0 Blind SQL Injection*
    # Google Dork: *Copyright @ 2010 iPayGold.com*
    # Date: *December/6/2011*
    # Author: *Don (BalcanCrew & BalcanHack)*
    # Software Link: *http://www.alstrasoft.com/epay_enterprise.htm*
    # Version: *4.0*
    # Tested on: *Apache/1.3.37*
    ############################################################################
    # An attacker may execute arbitrary SQL statements on the vulnerable system.
    # This may compromise the integrity of your database and/or expose sensitive information.
    # Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker.
    # It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries.
    # In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.
    # Certain SQL servers such as Microsoft SQL Server contain stored and extended procedures (database server functions).
    # If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
    ############################################################################
    Attack details:
    
    URL-encoded GET input `product` was set to 11-2+2*3-6
    
    *Vulnerability:*
    http://server/process.htm?action=product&member=justme&product=11-2%2b2*3-6&send=yes
    
    *How to fix this vulnerability:*
    Script should filter metacharacters from *user input*.
    
    *Don*
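As an added example (not part of the advisory or of the EPay code), the query pattern the advisory describes is shown beside a hardened version that validates `product` as an integer and binds it as a parameter, and the scanner's arithmetic probe is reused as a regression check that the fix holds. The `products` table, its columns and the rows in it are constructed assumptions; the page names only the `product` parameter.

```python
import re
import sqlite3

# Constructed stand-in for the shop's product table (schema is an assumption).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(9, "Silver plan"), (11, "Gold plan"), (12, "Platinum plan")])
    return db

def lookup_vulnerable(db, product):
    """Pattern the advisory describes: the raw GET value is spliced into the
    SQL text, so the database evaluates whatever expression the client sent."""
    row = db.execute(f"SELECT name FROM products WHERE id = {product}").fetchone()
    return row[0] if row else None

def lookup_hardened(db, product):
    """Fix: accept only a plain decimal token and bind it as a parameter, so
    arithmetic or metacharacters in the value never reach the SQL parser."""
    if not re.fullmatch(r"[0-9]{1,10}", product):
        raise ValueError("product must be a positive integer")
    row = db.execute("SELECT name FROM products WHERE id = ?",
                     (int(product),)).fetchone()
    return row[0] if row else None

def evaluates_arithmetic(db, lookup, probe, literal):
    """Regression check mirroring the scanner's blind test: if an arithmetic
    probe returns the same row as the literal it simplifies to, the value was
    evaluated inside SQL. A rejected input counts as not vulnerable."""
    try:
        result = lookup(db, probe)
    except ValueError:
        return False
    return result is not None and result == lookup(db, literal)

if __name__ == "__main__":
    db = make_db()
    # 11-2+2*3-6 simplifies to 9 under SQL operator precedence (2*3 binds first).
    print(evaluates_arithmetic(db, lookup_vulnerable, "11-2+2*3-6", "9"))  # True
    print(evaluates_arithmetic(db, lookup_hardened, "11-2+2*3-6", "9"))    # False
```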