Ocomon 2.0 - SQL Injection

2016-08-2200:00:00

Jonatas Fil

www.exploit-db.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

JSON

# Exploit Title: Ocomon 2.0: Acess administrative Bypass / Multiple Sql
Injection
# Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6
# Date: 2016.08.18
# Exploit Author: Jonatas Fil a.k.a pwx
# Vendor Homepage: ninj4c0d3r.github.io
# Version: Latest 2.0RC6
# Tested on: Linux And Windows
# CVE : CVE-2005-4664


\xDetails:
========================================
[Software]
- Ocomon

[Bug Summary]
- Multiple SQL Injection (SQLi)

[Impact]
- High

[Affected Version]
- Latest 2.0RC6
- Prior versions may also be affected
=========================================



\x01- Search by dork in google

Dorks:
inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6


\x02 - After, To find the victim, open the inspect element in admin page.

\x03 - Look for the parameter: <body>: <table>: <tbody>: <tr>, and return
valida() and delete the content, leaving blank.

\x04 - After, Sign in using: "admin'or'" For Username and Password.

\x05 - Finish!, You get acess in administrative page to the system.


--------------------------------------------
\xDEMO:

http://200.66.111.38/ocomon/index.php
http://191.241.229.210:8080/ocomon/index.php
http://191.241.229.210:8081/ocomon/index.php
---------------------------------------------

References:

https://packetstormsecurity.com/files/100568/Ocomon-2.0RC6-SQL-Injection.html
http://www.cvedetails.com/cve/CVE-2005-4664/
https://www.securityfocus.com/bid/15386/exploit