exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

AlstraSoft EPay Enterprise 4.0 SQL Injection

AlstraSoft EPay Enterprise 4.0 SQL Injection
Posted Dec 6, 2011
Authored by Don from BalcanCrew

AlstraSoft EPay Enterprise version 4.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 745883b54cf35eb9a6ff37a0e2b066386de511bfab315dfe1540bfe765e96982

AlstraSoft EPay Enterprise 4.0 SQL Injection

Change Mirror Download
############################################################################
# Exploit Title: *AlstraSoft EPay Enterprise v4.0 Blind SQL Injection*
# Google Dork: *Copyright @ 2010 iPayGold.com*
# Date: *Decembar/6/2011*
# Author: *Don (BalcanCrew & BalcanHack)*
# Software Link: *http://www.alstrasoft.com/epay_enterprise.htm*
# Version: *4.0*
# Tested on: *Apache/1.3.37*
############################################################################
# An attacker may execute arbitrary SQL statements on the vulnerable
system.
# This may compromise the integrity of your database and/or expose
sensitive information.
# Depending on the back-end database in use,
# SQL injection vulnerabilities lead to varying levels of data/system
access for the attacker.
# It may be possible to not only manipulate existing queries, but to UNION
in arbitrary data,
# use subselects, or append additional queries. In some cases,
# it may be possible to read in or write out to files, or to execute shell
commands on the underlying operating system.
# Certain SQL Servers such as Microsoft SQL Server contain stored and
extended procedures (database server functions).
# If an attacker can obtain access to these procedures it may be possible
to compromise the entire machine.
############################################################################
Attack details:

URL encoded GET input product was set to 11-2+2*3-6

*Vulnerability:*
http://server/process.htm?action=product&member=justme&product=11-2%2b2*3-6&send=yes

*How to fix this vulnerability:*
Script should filter metacharacters from *user input*.

*Don*

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close