ARASTAR - SQL Injection

EDB-ID:

18131

CVE:



Author:

TH3_N3RD

Type:

webapps


Platform:

PHP

Date:

2011-11-19


+#######+ 
|[o] ID |
+#######+
[+] Title              :  ARASTAR SQL Injection Vulnerability
[+] Affected Version   :  ALL VERSIONS
[+] Software Link      :  http://ara-star.com/art.php?ID=172
[+] Tested on          :  Windows XP SP2 <CHROME + FIREFOX>
[+] Date               :  18/11/2011
[+] Dork               :  inurl:'.co.il/Cat.php?ID=' intext:"POWERED BY ARASTAR"
[+] Category           :  Content Management
[+] Severity           :  High
[+] Author             :  TH3_N3RD
[+] Follow on FB       :  https://www.facebook.com/TH3xN3RD

+############+ 
|[o] EXPLOIT |
+############+
[+] http://[website]/cat.php?ID=[SQLi]
[+] ADMINISTRATION PATH : http://[website]/admin-aps
+#########+ 
|[o] PoC  |
+#########+
[+] It Depends On The Column Count Of The Script Version /.-

+------------+ 
|[o] Greet'z |
+------------+
[+] To : #MY MIND# [&] VERGEIRAS [&] ALL THE MOROCCAN HAX0R'z
@`d0n3\-