Infopublica Solutions SQL Injection

2011.06.16
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

========================================================================= INFOPUBLICA Solutions SQL-i Vulnerability ========================================================================== +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+=+= +=+=+= +=+=+= /\ | | | | ________ _____ _____ __ _ __ +=+=+= +=+=+= / \ | |__| | _____ / ______/ | _ \ | ____|\ \ / \ / / +=+=+= +=+=+= / /\ \| |__| | /_____/ | | | |_) / | |__ \ \/ \/ / +=+=+= +=+=+= / ____ \ | | | | |_______ | __\ \ | __| \ / +=+=+= +=+=+= /_/ \_\| | | |________/ |_| \_\ | |_______\_____/_____ +=+=+= +=+=+= |_____________________|+=+=+= +=+=+= +=+=+= +=+=+= X-n3t - **RoAd_KiLlEr** - The|Denny` - The_1nv1s1bl3 +=+=+= +=+=+= +=+=+= +=+=+= 0ne Nation , 0ne People , 0ne Culture , 0ne Language = Ethnic Albania +=+=+= +=+=+= +=+=+= +=+=+= ....::: | ALBANIAN HACKING CREW | :::.... 2011 +=+=+= +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= 0 0 1 ########################################### 1 0 I'm **RoAd_KiLlEr** member from 1337 DAY Team 1 1 ########################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [+]Title :....... INFOPUBLICA Solutions SQL-i Vulnerability [+]Author :......**RoAd_KiLlEr** [+]Tested on :...Win Xp Sp 2/3 --------------------------------------------------------------------------- [~] Founded by **RoAd_KiLlEr** [~] Team: Albanian Hacking Crew [~] Contact: sukihack[at]gmail[dot]com [~] Home: http://1337day.com/author/2447 & http://road-killer.blogspot.com [~] Vendor: http://www.infopublica.gr ==========ExPl0iT3d by **RoAd_KiLlEr**========== [+] DORK: Copyright © 1999 - 2011 INFOPUBLICA S.A [+] Description: Since 1978 Infopublica S.A. (a Greek publishing company) has been offering reliable information in the markets of industry, marketing and hospitality through print and online publications, helping executives make the right decisions. The relationship the company has established with its readers makes it a valuable partner also to its advertisers who want their message to reach successfully a niche market. [ I ]. SQL-i Vulnerability +=+=+=+=+=+=+=+=+=+=+=+=+=+=+ [+++] Note: Every web page developed INFOPUBLICA S.A is vulnerable to Sql-Injection. Use the Dork to find websites,than find any "php" file with "id" parameter [ index.php?id=]. Input passed to the "id" parameter in the "index.php" is not properly sanitised before being used in SQL queries. [P0C]: http://127.0.0.1/index.php?id= [ SQL-INJECTION] [L!v3 D3m0's]: http://www.plant-management.gr/index.php?id='14229 http://www.hotel-restaurant.gr/index.php?id='10149 http://www.publicity-guide.gr/index.php?id='11666 [+] TIME TABLE: 13 June 2011 - Vulnerability discovered. 15 June 2011 - Advisory released. =========================================================================================== [!] Albanian Hacking Crew =========================================================================================== [!] **RoAd_KiLlEr** says: FUCK BDI,Mbasi jeni qaq lesha me votu BDI,Ishalla jav venon kishat ke Shpija. PDSH 4 Life. =========================================================================================== [!] MaiL: sukihack[at]gmail[dot]com =========================================================================================== [!] Greetz To : Ton![w]indowS | X-n3t | The|DennY` | THE_1NV1S1BL3 | KHG & All Albanian/Kosova Hackers =========================================================================================== [!] Spec Th4nks: r0073r | indoushka in Jail :( | Sid3^effects | jdc from jeffchannell.com | DoNnY | MaFiTeRRoR | | bda.a7v | Sifu | L0NnY | All 1337day Members | And All My Friendz =========================================================================================== [!] Red n'black i dress eagle on my chest It's good to be an ALBANIAN Keep my head up high for that flag I die Im proud to be an ALBANIAN ===========================================================================================


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top