Tuleap 7.4.99.5 Blind SQL Injection

29 ottobre 2014 - Fonte: http://www.mondounix.com
Vulnerability title: Tuleap <= 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap
CVE: CVE-2014-7176
Vendor: Enalean
Product: Tuleap
Affected version: 7.4.99.5 and earlier
Fixed version: 7.5
Reported by: Jerzy Kramarz
 
Details:
 
SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database. The following URLs and parameters have been confirmed to suffer from SQL injections:
 
 
GET /plugins/docman/?group_id=100&id=16&action=search&global_txt=a<SQL Injection>&global_filtersubmit=Apply HTTP/1.1
Host: 192.168.56.108
User-Agent:...

Leggi il seguito »

CMS Subkarma Cross Site Scripting / SQL Injection

14 ottobre 2014 - Fonte: http://www.mondounix.com
# Multiple SQL Injection & XSS on CMS SUBKARMA
 
# Risk: High
 
# CWE number: CWE-89,CWE-79
 
# Date: 13/10/2014
 
# Vendor: www.jttel.com.tw
 
# Author: Felipe " Renzi " Gabriel
 
# Contact: renzi@linuxmail.org
 
# Tested on:  Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906
 
# Vulnerables File: news.php ; product.php ; pro_con.php
 
# Exploits: http://www.target.com/news.php?id=[XSS]
 
            http://www.target.com/product.php?cat_id=[SQLI] & [XSS]
 
            http://www.target.com/pro_con.php?id=[SQLI] & [XSS]
 
 
# PoC:      http://www.cideko.com/product.php?cat_id=18  
 
            http://www.cideko.com/pro_con.php?id=3...

Leggi il seguito »

AllMyVisitors 0.5.0 SQL Injection

3 ottobre 2014 - Fonte: http://www.mondounix.com
AllMyVisitors0.5.0 Blind SQL Injection Vulnerability
====================================================
Author : indoushka
Vondor : http://www.php-resource.net/
Dork:    Copyright (c) 2004 by voice of web
==========================
 
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. 
 
This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.
This...

Leggi il seguito »

WordPress Content Audit 1.6 Blind SQL Injection

2 ottobre 2014 - Fonte: http://www.mondounix.com
Details
================
Software: Content Audit
Version: 1.6
Homepage: http://wordpress.org/plugins/content-audit/
Advisory report: https://security.dxw.com/advisories/blind-sqli-vulnerability-in-content-audit-could-allow-a-privileged-attacker-to-exfiltrate-password-hashes/
CVE: CVE-2014-5389
CVSS: 3.6 (Low; AV:N/AC:H/Au:S/C:P/I:N/A:P)
 
Description
================
Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes
 
Vulnerability
================
An attacker with an admin account is able to add arbitrary text in the “Audited content types” option by using a DOM inspector to modify the value of a checkbox field. This text is then inserted into an SQL query and...

Leggi il seguito »

XRMS Blind SQL Injection / Command Execution

28 agosto 2014 - Fonte: http://www.mondounix.com
#######################
# XRMS Blind SQLi via $_SESSION poisoning, then command exec
#########################
 
import urllib
import urllib2
import time
import sys
 
usercharac = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','@','.','_','-','1','2','3','4','5','6','7','8','9','0']
userascii = [97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 64, 46, 95, 45, 49, 50, 51, 52, 53, 54, 55, 56, 57, 48]
def banner():
  print """      ____                                      
     / __/_  ______ _  _  ___________ ___  _____
    / /_/ / / / __ `/ | |/_/ ___/ __ `__ \/ ___/
  ...

Leggi il seguito »

WordPress WP Realty Blind SQL Injection

28 ottobre 2013 - Fonte: http://www.mondounix.com
$$$$$$\      $$\   $$\     $$$$$$\ 
$$  __$$\     $$ |  $$ |   $$  __$$\
$$ /  \__|    $$ |  $$ |   $$ /  \__|
$$ |$$$$\     $$$$$$$$ |   \$$$$$$\ 
$$ |\_$$ |    $$  __$$ |    \____$$\
$$ |  $$ |    $$ |  $$ |   $$\   $$ |
\$$$$$$  |$$\ $$ |  $$ |$$\\$$$$$$  |
 \______/ \__|\__|  \__|\__|\______/
 
# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos
 
 
Link: http://localhost/wordpress/wp-content/plugins/wp-realty/
 
Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]
 
 
Credits...

Leggi il seguito »

mod_accounting 0.5 Blind SQL Injection

29 settembre 2013 - Fonte: http://www.mondounix.com
   - Affected Vendor: http://sourceforge.net/projects/mod-acct/files/
   - Affected Software: mod_accounting
   - Affected Version: 0.5. Other earlier versions may be affected.
   - Issue type: Blind SQL injection
   - Release Date: 20 Sep 2013
   - Discovered by: Eldar "Wireghoul" Marcussen
   - CVE Identifier: CVE-2013-5697
   - Issue status: Abandoned software, no patch available
 
Summary
 
mod_accounting is a traffic accounting module for Apache 1.3.x which
records traffic numbers in a database. Both MySQL and PostgreSQL database
types are supported. It supports arbitrary database designs as traffic
recording is performed via a user defined query in the Apache configuration
using placeholders for received...

Leggi il seguito »

Joomla JVideoClip Blind SQL Injection

24 settembre 2013 - Fonte: http://www.mondounix.com
================================================================================
Joomla Component com_jvideoclip (cid|uid|id) Blind SQL Injection / SQL Injection
================================================================================
 
Author          : SixP4ck3r
Email & msn     : SixP4ck3r@Bolivia.com
Date            : 21 Sept 2013
Critical Lvl    : Medium
Impact          : Exposure of sensitive information
Where           : From Remote
Blog      : http://sixp4ck3r.blogspot.com/
Credits        : To my love!
Dork           : inurl:com_jvideoclip
 
---------------------------------------------------------------------------
 
[Exploting..Bug..Demo..]
 
http://example/index.php?option=com_jvideoclip&view=search&type=user&uid=[SQLi]&Itemid=6
 
[Blind...

Leggi il seguito »

AVE.CMS 2.09 Blind SQL Injection

24 maggio 2013 - Fonte: http://www.mondounix.com
#!/usr/bin/env python
 
import urllib, sys, time
 
#######################################################################################
# Exploit Title: AVE.CMS <= 2.09 - Remote Blind SQL Injection Exploit
# Date: 23/05/2013
# Author: mr.pr0n (@_pr0n_)
# Homepage: http://ghostinthelab.wordpress.com/
# Vendor Homepage: http://www.overdoze.ru/
# Software Link: websvn.avecms.ru/listing.php?repname=AVE.cms+2.09
# Version: V2.09 and 2.09RC2
# Tested on: Linux Debian 2.6.32-5-686
# Description: The "module" parameter is vulnerable to Blind SQL Injection.
# Solution : Update to newest version.
#######################################################################################
 
print "+----------------------------------------------------------+"
print...

Leggi il seguito »

PsychoStats 3.2.2b Blind SQL Injection

29 marzo 2013 - Fonte: http://www.mondounix.com
Exploit Title :  PsychoStats awards.php blind SQL Injection
==============
Date: 27/03/2013 00:50
=====
Author: Mohamed from ALG
======
Vendor or Software Link:http://psychostats.us/
=======================
Version: 3.2.2b
========
Category: webapps
=========
Google Keywords: "Powered by PsychoStats 3.2.2b"
===============
contact: senderberd[at]gmail.com
========
 
exploit:
========
 
http://server/awards.php?d=YYYY-MM-DD{Inject hier your blind SQL injection}
 
 
Use Havij to easy exploit
Enjoy
 
 
S.Th To a El Koyot
 
end
...

Leggi il seguito »